Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Patched.29806.7109.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Patched.29806.7109.exe
Analysis ID:	1409007
MD5:	cf15ed86315ab1a94996fb69ef157005
SHA1:	92dfe7452e0a21e6b5da69f386603080eca9d7eb
SHA256:	175eb4505659184198a6dacaf5c52bf80c9b10f168b081a07e3457058cc51e89
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Generic Python Ransomware

Found many strings related to Crypto-Wallets (likely being stolen)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Patched.29806.7109.exe (PID: 6876 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe MD5: CF15ED86315AB1A94996FB69EF157005)

SecuriteInfo.com.Win32.Patched.29806.7109.exe (PID: 6896 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe MD5: CF15ED86315AB1A94996FB69EF157005)

cmd.exe (PID: 5812 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3616 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5804 cmdline: C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

fsutil.exe (PID: 3140 cmdline: fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1 MD5: 452CA7574A1B2550CD9FF83DDBE87463)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: SecuriteInfo.com.Win32.Patched.29806.7109.exe PID: 6896	JoeSecurity_GenericPythonRansomware	Yara detected Generic Python Ransomware	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3555808606.000000006A670000.00000004.00000001.01000000.0000002A.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_437c4112-0

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\electrum\plugins\revealer\LICENSE_DEJAVU.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\electrum\plugins\revealer\SIL Open Font License.txt	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Static PE information: certificate valid

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699116063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698737621.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552206505.00000000694A3000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697709722.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1672155859.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3559581415.000000006BAA1000.00000020.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697443975.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696552484.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb++" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696552484.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3560059190.000000006BF24000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3565095672.000000006E3C2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699116063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698317093.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552751498.0000000069514000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697909092.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3553194207.0000000069535000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7mupx30s\src\rust\target\i686-pc-windows-msvc\release\deps\cryptography_rust.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_queue.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566802453.000000006F833000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\python310.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564515928.000000006CF34000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb"" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_overlapped.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566422653.000000006F815000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697909092.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3553194207.0000000069535000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3562034683.000000006C379000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699519349.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551072342.00000000693B7000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: &}lalgorpublic_keyX509_PUBKEYcrypto\x509\x_pubkey.cx509_pubkey_ex_new_exx509_pubkey_ex_d2i_exDERX509_PUBKEY_setx509_pubkey_decodeX509_PUBKEY_get0X509_PUBKEY_getPrivateKeyInfodo_pk8pkeycrypto\pem\pem_pk8.cd2i_PKCS8PrivateKey_bioENCRYPTED PRIVATE KEYPRIVATE KEYpem_read_bio_key_decodercrypto\pem\pem_pkey.cANY PRIVATE KEYPARAMETERSpem_read_bio_key_legacyPEM_write_bio_PrivateKey_traditional%s PRIVATE KEYtype-specificcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.1built on: Fri Feb 16 00:14:00 2024 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files (x86)\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\pyexpat.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567006629.000000006F85F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: lblobi2d_providedcrypto\asn1\i2d_evp.ci2d_PrivateKeycrypto\passphrase.cossl_pw_set_passphraseossl_pw_set_pem_password_cbossl_pw_set_ossl_passphrase_cbossl_pw_set_ui_methoddo_ui_passphrasepass phraseossl_pw_get_passphrasePrompt info data type incorrectNo password method specifiedPVKcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllcrypto\initthread.cOPENSSL_ia32capp? source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698317093.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552751498.0000000069514000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\python3.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3550916655.0000000010000000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb(( source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696823107.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564030118.000000006CB54000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\select.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567231236.000000006F873000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb"" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697443975.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbU source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3560059190.000000006BF24000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_asyncio.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566609369.000000006F827000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3565095672.000000006E3C2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698495365.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552434786.0000000069506000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563457421.000000006C9CC000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696823107.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698495365.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552434786.0000000069506000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551301360.00000000693D3000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_socket.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567447950.000000006F888000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3554291265.0000000069FB3000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:35 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564030118.000000006CB54000.00000002.00000001.01000000.00000011.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_00408F20 FindFirstFileExW,FindClose,		0_2_00408F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_00408F20 FindFirstFileExW,FindClose,		2_2_00408F20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\bearer\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543678133.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796103622.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786718277.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804999359.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751347454.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1814590663.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773065571.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753795626.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751363749.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758186181.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1761141855.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.jqueryui.com/category/theming/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542697776.00000000036E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue1230540
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1685146112.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiC
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697963952.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698784942.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702480711.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698737621.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1678777556.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697709722.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699360304.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1682000206.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1878428289.00000000031F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1879559468.0000000002F14000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1878559946.0000000002F14000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1879410565.0000000002F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748343252.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748326006.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697963952.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698784942.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702480711.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698737621.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697709722.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1677826712.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699519349.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1677865981.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698495365.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699543285.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697963952.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1682000206.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1681949738.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-a
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697963952.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698784942.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702480711.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699360304.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1682000206.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697963952.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698784942.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702480711.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699360304.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1682000206.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541627817.0000000002FF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822030201.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/License
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822030201.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1921471224.0000000003E9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.electrum.org/r
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542607867.0000000003640000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543851792.0000000003FD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://en.wikipede
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/ActiveState/appdirs
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.000000000335C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://httpbin.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://httpbin.org/post
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748197226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748213876.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jacek.jedrzejewski.name)
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796103622.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786718277.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804999359.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751347454.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1814590663.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773065571.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753795626.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751363749.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758186181.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1761141855.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jquery.org/license
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749721154.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767561669.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1782407679.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1775184828.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821152843.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1765432851.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751192021.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1750185245.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769494179.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1795911835.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748197226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748213876.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/about
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749309140.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749290929.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749939373.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751192021.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751347454.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751363749.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751174399.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=no
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1755343234.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1755614063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerR
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763451882.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763673008.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763431788.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.3em&cornerR
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804999359.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804704266.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804730472.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Georgia%2CVerdana%2CArial%2Csans-serif&fwDefault=bold&fsD
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1772246536.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773065571.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1772197886.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Gill%20Sans%2CArial%2Csans-serif&fwDefault=bold&fsDefault
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769494179.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=bold&fsDefault=1
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1775184828.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821152843.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1775371549.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1765432851.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1789115226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758005243.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758186181.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1789410273.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1777644554.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1765797630.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1757983294.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758167117.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1777474778.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1765453669.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1765774631.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Lucida%20Grande%2CLucida%20Sans%2CArial%2Csans-serif&fwDe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802104747.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802329035.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1810270232.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1810048169.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802129205.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802352514.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1779714584.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1807548191.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1807754519.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1779658379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780114222.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1782407679.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1782733524.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CHelvetica%2CArial%2Csans-serif&fwDefault
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786718277.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1814590663.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786428429.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786455433.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786694345.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1814250095.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753795626.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1760813864.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1761141855.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799413081.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753773406.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799174464.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799150347.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753588012.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792127183.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753564833.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767561669.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1795911835.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796103622.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767537923.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767775056.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1795890367.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=segoe%20ui%2CArial%2Csans-serif&fwDefault=bold&fsDefault=
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mynode.local:3002/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697963952.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698784942.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702480711.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698737621.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1678777556.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697709722.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1676214335.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699360304.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698351299.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701344824.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1682000206.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541718331.0000000003090000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://python.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822798706.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sc.symcb.com/sc.crl0W
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822798706.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sc.symcb.com/sc.crt0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822798706.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sc.symcd.com0&
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821823243.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questi
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821823243.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questi---
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821823243.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821879495.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/18729405/how-to-convert-utf8-string-to-byte-array
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1747616779.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1747674346.0000000000C90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/29186154/chrome-clicking-mailto-links-closes-websocket-connection
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3546927688.0000000004730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommand
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541718331.0000000003090000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871139889.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543851792.0000000003DB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871139889.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543851792.0000000003FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Microsoft
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542697776.00000000036E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lincolnloop.com
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1830890449.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696316170.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871139889.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa04
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1893873907.0000000003DD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xmr.link
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://yahoo.com/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3xpl.com/bitcoin/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1746876620.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://EditorConfig.org
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3546846006.00000000046F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/#/electrum-help
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1840141986.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3550361040.0000000005A60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/2/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockchain.com/btc/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockchair.com/bitcoin/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockstream.info/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockstream.info/testnet/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://btc.bitaps.com/r
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://btc.com/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542882830.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue37179
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542697776.00000000036E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue42130
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3562441441.000000006C3BA000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chainflyer.bitflyer.jp/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1893873907.0000000003DD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cryptoname.co/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543678133.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1740588098.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1740623655.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://digitalbitbox.com/smartverification/index.php
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542882830.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880110113.0000000003202000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1881565761.000000000322D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880110113.0000000003202000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543243136.0000000003A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1921471224.0000000003E9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ex.signet.bublina.eu.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://explorer.bc-2.jp/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542165002.00000000033A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543147586.0000000003980000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742907613.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742888863.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blockstream/Jade)
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742907613.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742888863.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blockstream/Jade/releases/tag/0.1.37).
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3550304032.0000000005A20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/200
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1746345465.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1746383785.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/LedgerHQ/ledgercomm/blob/bc5ada865980cb63c2b9b71a916e01f2f8e53716/ledgercomm/inte
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863040306.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1862588931.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542882830.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836788366.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/archos-safe-t/python-safet
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543632767.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bitcoin-core/HWI/blob/5f300d3dee7b317a6194680ad293eaa0962a3cc7/hwilib/key.py
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543678133.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bitcoin/bitcoin/blob/8cbc5c4be4be22aca228074f087a374a7ec38be8/src/script/script.h
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3545225242.00000000041B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/btcsuite/btcd/blob/fdc2bc867bda6b351191b5872d2da8270df00d13/txscript/scriptbuilde
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748343252.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748326006.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery-ui
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1744748979.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/keepkey/python-keepkey
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543802712.0000000003D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/keis/base58
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3545225242.00000000041B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues/9253
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.00000000031C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-attrs/attrs/issues/136
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-attrs/attrs/issues/428
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863040306.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1862588931.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542697776.00000000036E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86296
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542882830.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/pull/28073
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543147586.0000000003980000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/romis2012/aiohttp-socks/issues/27
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543243136.0000000003A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/romis2012/python-socks
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3546846006.00000000046F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1919458192.0000000003E9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/satoshilabs/slips/blob/master/slip-0039.md.
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/scott-griffiths/bitstring
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3545225242.00000000041B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543802712.0000000003D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum/issues
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1841824249.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum/issues/6971)).
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1744484749.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1744411578.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum/issues/7779
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863040306.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1862588931.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836184924.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/trezor/trezor-common/blob/44dfb07cfaafffada4b2ce0d15ba1d90d17cf35e/protob/types.p
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1837852595.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/trezor/trezor-firmware/issues/1167
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1838485058.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836872184.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836788366.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/trezor/trezor-mcu/pull/306
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.000000000335C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.000000000335C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543102136.0000000003940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890033485.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://insight.bitpay.com/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748343252.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748326006.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.blockcypher.com/btc-testnet/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.blockcypher.com/btc/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.emzy.de/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/signet/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/testnet/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1893873907.0000000003DD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openalias.org
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://oxt.me/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1838400649.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/trezor/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564515928.000000006CF34000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542165002.00000000033A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543678133.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890033485.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1823080241.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://revealer.cc/revealer-warning-and-upgrade/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836788366.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://safe-t.io
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1873488031.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884412932.0000000002EDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1868464266.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1872260409.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1874125303.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1875641378.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871186479.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880226656.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1876688827.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1869198809.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1740588098.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shiftcrypto.ch/start
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signet-explorer.wakiyamap.dev/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signet.bitcoinexplorer.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542697776.00000000036E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/13624858
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880110113.0000000003202000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1881565761.000000000322D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1893873907.0000000003DD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swaps.electrum.org/api
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1893873907.0000000003DD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swaps.electrum.org/testnet
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tbtc.bitaps.com/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://testnet.smartbit.com.au/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.000000000335C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.000000000335C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890390070.000000000338A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890033485.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890033485.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541627817.0000000002FF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.000000000335C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.000000000335C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1838400649.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wallet.trezor.io
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884412932.0000000002EDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880226656.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.python.org/moin/DunderAlias
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543102136.0000000003940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.attrs.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.blockchain.com/btc-testnet/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.blockonomics.co/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.chain.so/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689399656.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.6T6X6
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702946052.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1674032284.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679412385.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1689458044.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683508323.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698933269.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1679362249.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1701792452.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702716593.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675169264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1744748979.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.keepkey.com
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890033485.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541323690.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1860146769.00000000008D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542787700.0000000003770000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0506/
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1859499963.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1859740884.000000000090C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1859629428.0000000000909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zopeinterface.readthedocs.io/en/latest/

Spam, unwanted Advertisements and Ransom Demands

Yara detected Generic Python Ransomware

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.Win32.Patched.29806.7109.exe PID: 6896, type: MEMORYSTR

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_00409949	0_2_00409949
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_004131C0	0_2_004131C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_00410A20	0_2_00410A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_00414570	0_2_00414570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_004095E6	0_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_004095E6	0_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_0040A670	0_2_0040A670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_0040AF90	0_2_0040AF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_00409949	2_2_00409949
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_004131C0	2_2_004131C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_00410A20	2_2_00410A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_00414570	2_2_00414570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_004095E6	2_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_004095E6	2_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0040A670	2_2_0040A670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0040AF90	2_2_0040AF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0506C300	2_2_0506C300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_050D9570	2_2_050D9570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_04FFD440	2_2_04FFD440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_050675C0	2_2_050675C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_050674EB	2_2_050674EB

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: String function: 00402ED0 appears 132 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: String function: 00402F90 appears 214 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: String function: 050DB1AD appears 75 times

Source: _overlapped.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: libzbar-0.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libusb-1.0.dll.0.dr	Static PE information: Number of sections : 11 > 10

Source: python3.dll.0.dr

Static PE information: No import functions for PE file found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5multimedia.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: libegl.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: libglesv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Section loaded: wintypes.dll	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: Qt5Core.dll.0.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: libsecp256k1-2.dll.0.dr	Static PE information: Section: .rdata ZLIB complexity 0.998304429945055

Source: classification engine

Classification label: mal52.rans.spyw.winEXE@14/875@0/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Code function: 0_2_004086F0 FormatMessageW,WideCharToMultiByte,GetLastError,

0_2_004086F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Code function: 2_2_04FF6DF0 ?loadResource@QTextDocument@@MAE?AVQVariant@@HABVQUrl@@@Z,??0QVariant@@QAE@$$QAV0@@Z,??0QVariant@@QAE@$$QAV0@@Z,??1QVariant@@QAE@XZ,

2_2_04FF6DF0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

File created: C:\Users\user\Desktop\electrum_data

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2500:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5572:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI68762

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

File opened: C:\Users\user\Desktop\pyvenv.cfg

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Static file information: File size 47825152 > 1048576

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699116063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698737621.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552206505.00000000694A3000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697709722.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1672155859.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3559581415.000000006BAA1000.00000020.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697443975.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696552484.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb++" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696552484.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3560059190.000000006BF24000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3565095672.000000006E3C2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699116063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698317093.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552751498.0000000069514000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697909092.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3553194207.0000000069535000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7mupx30s\src\rust\target\i686-pc-windows-msvc\release\deps\cryptography_rust.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_queue.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566802453.000000006F833000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\python310.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564515928.000000006CF34000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb"" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_overlapped.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566422653.000000006F815000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3561745530.000000006C341000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697909092.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3553194207.0000000069535000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3562034683.000000006C379000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699519349.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551072342.00000000693B7000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: &}lalgorpublic_keyX509_PUBKEYcrypto\x509\x_pubkey.cx509_pubkey_ex_new_exx509_pubkey_ex_d2i_exDERX509_PUBKEY_setx509_pubkey_decodeX509_PUBKEY_get0X509_PUBKEY_getPrivateKeyInfodo_pk8pkeycrypto\pem\pem_pk8.cd2i_PKCS8PrivateKey_bioENCRYPTED PRIVATE KEYPRIVATE KEYpem_read_bio_key_decodercrypto\pem\pem_pkey.cANY PRIVATE KEYPARAMETERSpem_read_bio_key_legacyPEM_write_bio_PrivateKey_traditional%s PRIVATE KEYtype-specificcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.1built on: Fri Feb 16 00:14:00 2024 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files (x86)\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\pyexpat.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567006629.000000006F85F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: lblobi2d_providedcrypto\asn1\i2d_evp.ci2d_PrivateKeycrypto\passphrase.cossl_pw_set_passphraseossl_pw_set_pem_password_cbossl_pw_set_ossl_passphrase_cbossl_pw_set_ui_methoddo_ui_passphrasepass phraseossl_pw_get_passphrasePrompt info data type incorrectNo password method specifiedPVKcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllcrypto\initthread.cOPENSSL_ia32capp? source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698317093.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552751498.0000000069514000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\python3.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3550916655.0000000010000000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb(( source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696823107.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564030118.000000006CB54000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\select.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567231236.000000006F873000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697199492.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb"" source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697443975.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbU source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3560059190.000000006BF24000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_asyncio.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566609369.000000006F827000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3565095672.000000006E3C2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698495365.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552434786.0000000069506000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563457421.000000006C9CC000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696877063.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696823107.0000000000C88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698495365.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552434786.0000000069506000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551301360.00000000693D3000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_socket.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567447950.000000006F888000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3554291265.0000000069FB3000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:35 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564030118.000000006CB54000.00000002.00000001.01000000.00000011.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Code function: 0_2_004014F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004014F0

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe	Static PE information: section name: /4
Source: MSVCP140.dll.0.dr	Static PE information: section name: .didat
Source: Qt5Core.dll.0.dr	Static PE information: section name: .qtmimed
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: qtaudio_wasapi.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtaudio_windows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgenericbearer.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtuiotouchplugin.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: dsengine.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtmedia_audioengine.dll.0.dr	Static PE information: section name: .qtmetad
Source: wmfengine.dll.0.dr	Static PE information: section name: .qtmetad
Source: qminimal.dll.0.dr	Static PE information: section name: .qtmetad
Source: qoffscreen.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebgl.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtmultimedia_m3u.dll.0.dr	Static PE information: section name: .qtmetad
Source: windowsprintersupport.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libsecp256k1-2.dll.0.dr	Static PE information: section name: /4
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libusb-1.0.dll.0.dr	Static PE information: section name: /4
Source: libzbar-0.dll.0.dr	Static PE information: section name: /4
Source: python310.dll.0.dr	Static PE information: section name: PyRuntim

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_0041B970 push ds; ret	0_2_0041B978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_0041C3EB push ebx; iretd	0_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_0041C467 push ebx; iretd	0_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0041B970 push ds; ret	2_2_0041B978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0041C3EB push ebx; iretd	2_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0041C467 push ebx; iretd	2_2_0041C470

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\libsecp256k1-2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtNetwork.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtPrintSupport.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5PrintSupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\hid.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\python310.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\libzbar-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtMultimedia.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Multimedia.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_cffi_backend.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\sip.cp310-win32.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\electrum\plugins\revealer\LICENSE_DEJAVU.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68762\electrum\plugins\revealer\SIL Open Font License.txt	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Code function: 0_2_00406D50 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00406D50

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Window / User API: foregroundWindowGot 745

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\libsecp256k1-2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtNetwork.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtPrintSupport.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5PrintSupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\hid.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\python310.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\libzbar-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtMultimedia.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_cffi_backend.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\sip.cp310-win32.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-19748

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	API coverage: 8.6 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	API coverage: 0.9 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_00408F20 FindFirstFileExW,FindClose,		0_2_00408F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_00408F20 FindFirstFileExW,FindClose,		2_2_00408F20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\bearer\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742016137.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1741918397.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: # Maybe look for Jade Qemu simulator if the vars are set (experimental)
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742016137.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1741918397.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: # For testing with qemu simulator (experimental)
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742016137.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1741918397.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: id_='Jade Qemu Simulator',
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1878200365.000000000094F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1878870281.0000000000947000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880966250.0000000000947000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1874041495.0000000000949000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3549525302.0000000005758000.00000008.00000001.01000000.00000025.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Code function: 2_2_050DBD1B IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_050DBD1B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Code function: 0_2_004014F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004014F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit,	0_2_0040117C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	0_2_00401170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 0_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	0_2_004011B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit,	2_2_0040117C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	2_2_00401170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	2_2_004011B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_050DBD1B IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_050DBD1B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe	String found in binary or memory: tagged by Electrum@99f6dd5d5d63bdb311bd401835cb20423728f889
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1840754626.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "btc.electroncash.dk": {
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1746345465.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: def get_singlesig_default_wallet_policy(self, addr_type: 'AddressType', account: int) -> 'WalletPolicy':
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541413248.0000000002E20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: safetlib.messages.EthereumTxAck
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1831918607.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: registers_keystore = ('hardware', 'safe_t', _("Safe-T mini wallet"))

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_05084F50 ?bindAttributeLocation@QOpenGLShaderProgram@@QAEXABVQByteArray@@H@Z,?bindAttributeLocation@QOpenGLShaderProgram@@QAEXABVQString@@H@Z,_Py_NoneStruct,_Py_NoneStruct,	2_2_05084F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_0509AF70 ?bind@QOpenGLBuffer@@QAE_NXZ,PyBool_FromLong,	2_2_0509AF70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_05096870 ?bind@QOpenGLVertexArrayObject@@QAEXXZ,_Py_NoneStruct,_Py_NoneStruct,	2_2_05096870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe	Code function: 2_2_050848E0 ?bind@QOpenGLShaderProgram@@QAE_NXZ,PyBool_FromLong,	2_2_050848E0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	1 Application Window Discovery	Remote Desktop Protocol	1 Data from Local System	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Patched.29806.7109.exe	3%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5DBus.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Gui.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Multimedia.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Network.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5PrintSupport.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Qml.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5QmlModels.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Quick.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Svg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5WebSockets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Widgets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libeay32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\opengl32sw.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\ssleay32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qgif.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qicns.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qico.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qsvg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qtga.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qtiff.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\imageformats\qwebp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qminimal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qwebgl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platforms\qwindows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtCore.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtGui.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtMultimedia.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtNetwork.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtPrintSupport.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\QtWidgets.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\sip.cp310-win32.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_asyncio.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_cffi_backend.cp310-win32.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_overlapped.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\_uuid.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\backup_commands_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\bitbox02_system_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\btc_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\common_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\eth_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\hww_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\keystore_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\mnemonic_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\perform_attestation_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\bitbox02\communication\generated\system_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI68762\cryptography\hazmat\bindings\_rust.pyd	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	0%	URL Reputation	safe
http://jacek.jedrzejewski.name)	0%	Avira URL Cloud	safe
http://en.wikipede	0%	Avira URL Cloud	safe
https://testnet.smartbit.com.au/	0%	Avira URL Cloud	safe
https://api.trustedcoin.com/2/	0%	Avira URL Cloud	safe
http://xmr.link	0%	Avira URL Cloud	safe
http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Microsoft	0%	Avira URL Cloud	safe
https://mempool.space/testnet/	0%	Avira URL Cloud	safe
https://oxt.me/	0%	Avira URL Cloud	safe
https://mempool.emzy.de/	0%	Avira URL Cloud	safe
https://mahler:8092/site-updates.py	0%	Avira URL Cloud	safe
https://mempool.space/signet/	0%	Avira URL Cloud	safe
https://mempool.space/	0%	Avira URL Cloud	safe
https://blockstream.info/	0%	Avira URL Cloud	safe
http://.../back.jpeg	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543243136.0000000003A10000.00000004.00001000.00020000.00000000.sdmp	false		high
https://EditorConfig.org	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1746876620.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pyca/cryptography/issues/8996	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp	false		high
http://bugs.python.org/issue1230540	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542697776.00000000036E0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/keepkey/python-keepkey	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1744748979.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	false		high
https://testnet.smartbit.com.au/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.python.org/dev/peps/pep-0506/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542787700.0000000003770000.00000004.00001000.00020000.00000000.sdmp	false		high
http://jqueryui.com	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749721154.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767561669.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1782407679.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1775184828.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821152843.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1765432851.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751192021.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1750185245.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769494179.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1795911835.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.jqueryui.com/category/theming/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796103622.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786718277.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804999359.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751347454.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1814590663.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773065571.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753795626.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751363749.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758186181.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1761141855.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/aio-libs/aiohttp/discussions/6044	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542882830.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/romis2012/aiohttp-socks/issues/27	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543147586.0000000003980000.00000004.00001000.00020000.00000000.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802104747.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802329035.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1810270232.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1810048169.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802129205.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1802352514.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high
https://python.org/dev/peps/pep-0263/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564515928.000000006CF34000.00000002.00000001.01000000.00000005.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerR	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1755343234.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1755614063.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863040306.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1862588931.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc2388#section-4.4	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.000000000335C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.000000000335C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Blockstream/Jade)	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742907613.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742888863.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753795626.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1760813864.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1761141855.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799413081.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753773406.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799174464.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799150347.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753588012.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792127183.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753564833.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/packaging	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/satoshilabs/slips/blob/master/slip-0039.md.	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3546846006.00000000046F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1919458192.0000000003E9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.opensource.org/licenses/mit-license.php	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1830890449.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://refspecs.linuxfoundation.org/elf/gabi4	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542165002.00000000033A0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1779714584.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1807548191.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1807754519.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1779658379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780114222.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/scott-griffiths/bitstring	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543851792.0000000003DB0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/Microsoft	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543851792.0000000003FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python-attrs/attrs/issues/136	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.3em&cornerR	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763451882.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763673008.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763431788.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
http://curl.haxx.se/rfc/cookie_spec.html	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541627817.0000000002FF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	false		high
https://oxt.me/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542607867.0000000003640000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/spesmilo/electrum	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3545225242.00000000041B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://en.wikipede	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543851792.0000000003FD3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=segoe%20ui%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767561669.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1795911835.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796103622.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767537923.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767775056.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1795890367.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/romis2012/python-socks	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543243136.0000000003A10000.00000004.00001000.00020000.00000000.sdmp	false		high
https://zopeinterface.readthedocs.io/en/latest/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	false		high
https://httpbin.org/get	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543102136.0000000003940000.00000004.00001000.00020000.00000000.sdmp	false		high
http://httpbin.org/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/spesmilo/electrum/issues/6971)).	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1841824249.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
http://docs.electrum.org/r	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1921471224.0000000003E9C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1873488031.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884412932.0000000002EDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1868464266.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1872260409.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1874125303.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1875641378.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871186479.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880226656.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1876688827.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1869198809.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.trustedcoin.com/2/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1840141986.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3550361040.0000000005A60000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jacek.jedrzejewski.name)	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748197226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748213876.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://btc.com/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863040306.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1862588931.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mempool.space/testnet/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	false		high
http://xmr.link	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1893873907.0000000003DD1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563103148.000000006C7A4000.00000002.00000001.01000000.00000019.sdmp	false		high
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871139889.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/keis/base58	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543802712.0000000003D70000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.iana.org/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.symauth.com/cps0(	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=no	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751192021.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751347454.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751363749.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751174399.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3540967311.0000000000879000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863040306.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1862588931.0000000000914000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/re.html	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880110113.0000000003202000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1881565761.000000000322D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://jquery.org/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748343252.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748326006.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high
http://github.com/ActiveState/appdirs	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542213988.00000000033E0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://live.blockcypher.com/btc/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mempool.emzy.de/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wiki.debian.org/XDGBaseDirectorySpecification#state	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884412932.0000000002EDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1880226656.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wwwsearch.sf.net/):	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.0000000003375000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.0000000003378000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/rfc6125#section-6.4.3	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541718331.0000000003090000.00000004.00001000.00020000.00000000.sdmp	false		high
https://btc.bitaps.com/r	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cffi.readthedocs.io/en/latest/using.html#callbacks	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3562441441.000000006C3BA000.00000002.00000001.01000000.0000001A.sdmp	false		high
http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1775184828.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821152843.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1775371549.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wallet.trezor.io	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1838400649.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/trezor/trezor-mcu/pull/306	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1838485058.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836872184.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836788366.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bugs.python.org/issue37179	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3542882830.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891579280.000000000330E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blockchain.com/btc/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blockchair.com/bitcoin/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stackoverflow.com/questi	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821823243.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mempool.space/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa04	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822550374.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822600547.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1863349120.0000000000914000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1870663174.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1871139889.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp	false		high
http://dejavu.sourceforge.net/wiki/index.php/License	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1822030201.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stackoverflow.com/questions/18729405/how-to-convert-utf8-string-to-byte-array	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821823243.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821879495.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pyca/cryptography/issues	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3545225242.00000000041B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.keepkey.com	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1744748979.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1894277891.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.000000000335C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1895376844.000000000331D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1892334211.000000000335C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.attrs.org/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543102136.0000000003940000.00000004.00001000.00020000.00000000.sdmp	false		high
http://google.com/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1891003827.0000000003378000.00000004.00000020.00020000.00000000.sdmp	false		high
https://chainflyer.bitflyer.jp/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mahler:8092/site-updates.py	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1896214508.0000000003222000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://blockstream.info/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Blockstream/Jade/releases/tag/0.1.37).	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742907613.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1742888863.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mempool.space/signet/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3541627817.0000000002FF0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/trezor/trezor-common/blob/44dfb07cfaafffada4b2ce0d15ba1d90d17cf35e/protob/types.p	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1836184924.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://insight.bitpay.com/	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1884060012.0000000003305000.00000004.00000020.00020000.00000000.sdmp	false		high
http://jquery.org/license	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1821392119.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1769676147.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796126447.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1799437386.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1780063226.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773045537.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1749986367.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1767754138.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1805050969.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1763692486.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1792408282.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1796103622.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1786718277.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1804999359.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751347454.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1814590663.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1773065571.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1753795626.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1751363749.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1758186181.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1761141855.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
https://digitalbitbox.com/smartverification/index.php	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1740588098.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1740623655.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	false		high
http://.../back.jpeg	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543678133.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.openssl.org/V	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696316170.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.python.org/download/releases/2.3/mro/.	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1859499963.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1859740884.000000000090C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1859629428.0000000000909000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3543147586.0000000003980000.00000004.00001000.00020000.00000000.sdmp	false		high
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890390070.000000000338A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000003.1890033485.0000000003378000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/jquery/jquery-ui	SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748343252.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1748326006.0000000000C87000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1409007
Start date and time:	2024-03-14 15:37:51 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.Patched.29806.7109.exe
Detection:	MAL
Classification:	mal52.rans.spyw.winEXE@14/875@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 47 Number of non-executed functions: 487
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
VT rate limit hit for: SecuriteInfo.com.Win32.Patched.29806.7109.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Core.dll	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	PPN Service Tool V2.10.00_20220923.msi	Get hash	malicious	Unknown	Browse
	PPN Service Tool V2.10.00_20220923.msi	Get hash	malicious	Unknown	Browse
	z4GObISliI.exe	Get hash	malicious	Unknown	Browse
	z4GObISliI.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	CABPRansom.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140.dll	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	https://files.jalinga.com/builds/releases/jalinga_studio.4.0.2040.0.exe	Get hash	malicious	Unknown	Browse
	MedMooc.exe	Get hash	malicious	Unknown	Browse
	FileZilla_3.52.2_win64_sponsored-setup.exe	Get hash	malicious	Unknown	Browse
	f_026dfd.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140_1.dll	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	https://files.jalinga.com/builds/releases/jalinga_studio.4.0.2040.0.exe	Get hash	malicious	Unknown	Browse
	CABPRansom.exe	Get hash	malicious	Unknown	Browse
	MedMooc.exe	Get hash	malicious	Unknown	Browse

Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688314579.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697250264.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgenericbe vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1671758696.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683435047.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698889410.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696316170.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamessleay32.dllH vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698162870.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1672155859.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699312188.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698194066.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698737621.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697709722.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvgicon.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1678711183.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5PrintSupport.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699519349.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696552484.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtaudio_wasapi.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699817125.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedsengine.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698544459.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1702301378.0000000000C86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1675128482.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5DBus.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1680601238.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5QmlModels.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1696823107.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtaudio_windows.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1698317093.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1688256246.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1680665226.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5QmlModels.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1699083379.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697443975.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtuiotouchplugin.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1683810184.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5WebSockets.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000000.00000003.1697909092.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567090532.000000006F867000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551624443.0000000069434000.00000002.00000001.01000000.00000038.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3553062551.0000000069529000.00000002.00000001.01000000.00000032.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552840308.0000000069518000.00000002.00000001.01000000.00000033.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552292543.00000000694A7000.00000002.00000001.01000000.00000035.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3559781558.000000006BB1B000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567584103.000000006F88F000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3554931582.000000006A4E0000.00000002.00000001.01000000.0000002C.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3552073477.000000006948E000.00000002.00000001.01000000.00000036.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3549656178.0000000005763000.00000002.00000001.01000000.00000025.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3562149678.000000006C37F000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3554122244.0000000069F93000.00000002.00000001.01000000.0000002F.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3550916655.0000000010000000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551385142.00000000693D6000.00000002.00000001.01000000.00000039.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566684063.000000006F82C000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566881209.000000006F836000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3563745742.000000006C9CE000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3553503835.000000006955F000.00000002.00000001.01000000.00000030.sdmp	Binary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566500395.000000006F819000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3567916478.000000006F8C2000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3558095724.000000006AC06000.00000002.00000001.01000000.00000027.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3566040158.000000006E61A000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3551840986.0000000069446000.00000002.00000001.01000000.00000037.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3568651100.000000006F921000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.Win32.Patched.29806.7109.exe
Source: SecuriteInfo.com.Win32.Patched.29806.7109.exe, 00000002.00000002.3564968083.000000006D00C000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamepython310.dll. vs SecuriteInfo.com.Win32.Patched.29806.7109.exe

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	454128
Entropy (8bit):	6.669498628019609
Encrypted:	false
SSDEEP:	12288:y9vcHNFaPZ2Jj/gMvpbUUtQgTCZuGre6gIo1hUgiW6QR7t5s03Ooc8dHkC2esrVx:ytcHNa2Jj/g4bUUtQgTn6g003Ooc8dHE
MD5:	ECEFF9C92E14B580EA84365F3D60F7DE
SHA1:	00699126456379FA48CB122E21B7F4731A72C57C
SHA-256:	265591A709A5DB413D73C95B538DA321EDEACB40059BDCEB142F997A3D458B49
SHA-512:	FD325D77EB2C30E1CD1B2D871986E057318C1BE911793521C7BF79FB2C5DC359CB7DB90C6D6C5711FEDD734B6B03117B8BAF241DFBD78585CF55A25983EC8727
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: electrum-4.5.3-setup.exe, Detection: malicious, Browse Filename: electrum-4.5.3.exe, Detection: malicious, Browse Filename: BEwkwcQFOA.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: MedMooc.exe, Detection: malicious, Browse Filename: FileZilla_3.52.2_win64_sponsored-setup.exe, Detection: malicious, Browse Filename: f_026dfd.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mw`...3...3...3C..3...3.t.3...3...36..3<c.2...3<c.2...3<c.2...3<c.2g..3<c.2...3<c.3...3<c.2...3Rich...3........PE..L.....t^.........."!.....:...................P......................................_Y....@A.........................z...................................A.......;...z..8...........................Xy..@....................v..@....................text....9.......:.................. ..`.data...t(...P.......>..............@....idata...............V..............@..@.didat..4............j..............@....rsrc................l..............@..@.reloc...;.......<...p..............@..B................................................................................................................................................................................................................................................................................

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.998118698241338
TrID:	Win32 Executable (generic) a (10002005/4) 99.53% InstallShield setup (43055/19) 0.43% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.Patched.29806.7109.exe
File size:	47'825'152 bytes
MD5:	cf15ed86315ab1a94996fb69ef157005
SHA1:	92dfe7452e0a21e6b5da69f386603080eca9d7eb
SHA256:	175eb4505659184198a6dacaf5c52bf80c9b10f168b081a07e3457058cc51e89
SHA512:	446616ddaf2b0c9635d0db45bbb9021589a8782fedab64c0dff910bf35d64fd8bf6a5b05014e608eafec9037470e8a5162002225d47000fb2854c2763125b27f
SSDEEP:	786432:fF8WWxUd9d1LRphkc3FphiWGlso5EYWAFPMUcgDB2hREoBQkMGIcmdK19diGgETh:fF8WWxU9ddRzFphiZd5EXUcgD4hzIzs3
TLSH:	CAA733C6CDB20473E421047BACD5FDF1873D52E89BB6842BDA39005766BBCE24A5162F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n05[........../....#.j........................@..........................`.............................................

Entrypoint:	0x4014b0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x5B35306E [Thu Jun 28 19:01:02 2018 UTC]
TLS Callbacks:	0x40d830, 0x40d7e0
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e9d858bf5cc2b22933333fd98518c716

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/05/2022 01:00:00 11/05/2024 00:59:59
Subject Chain	CN=Electrum Technologies GmbH, O=Electrum Technologies GmbH, L=Berlin, C=DE
Version:	3
Thumbprint MD5:	C09ADC61D776FBF71D03B4C85A6966E8
Thumbprint SHA-1:	780404C800C6398FA80F11DA7F56BDDB94846E45
Thumbprint SHA-256:	A1DDA05EDB3433066E485DA74445EFEC685F6FDE13CB62BBE2B207A3758C1B1E
Serial:	0FD8543AF7A221C51CF906165B1CC0E4

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x31000	0x10dc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x10148	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2d99898	0x2868
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1d9e4	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x31304	0x278	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x16844	0x16a00	bfa94cc0c6fba6cfbec218f12bae7497	False	0.49559737569060774	data	6.147093437333147	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x18000	0x7c	0x200	5f248157483c9031b1f144a8f35a67cd	False	0.158203125	data	1.0951453424827384	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x19000	0x5ab8	0x5c00	56eab60172568da905cfe22d274d8173	False	0.4833984375	data	6.423591165273786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
/4	0x1f000	0x282c	0x2a00	5ade56e21c5cc0870eed26c14dc73992	False	0.31156994047619047	data	4.885403344130252	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x22000	0xecb4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x31000	0x10dc	0x1200	1a0f376f0f1923d8b6ac09985cd92d62	False	0.3878038194444444	PGP symmetric key encrypted data - Plaintext or unencrypted data	5.130264530707902	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x33000	0x34	0x200	3d6d77b813b142a365114d8d26628b28	False	0.0703125	Matlab v4 mat-file (little endian) \220\327@, numeric, rows 4198704, columns 0	0.2709192282599745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x34000	0x8	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x35000	0x11000	0x10200	3b12c52c6e1917222adab677428556b6	False	0.6228197674418605	data	6.0401874871081915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x35208	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.38853790613718414
RT_ICON	0x35ab0	0x6d06	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9946255822285919
RT_ICON	0x3c7b8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	0.2696622579121398
RT_ICON	0x409e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.34315352697095436
RT_ICON	0x42f88	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.38672607879924953
RT_ICON	0x44030	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 0	0.5866279069767442
RT_ICON	0x446e8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.5328014184397163
RT_GROUP_ICON	0x44b50	0x68	data	0.7596153846153846
RT_MANIFEST	0x44bb8	0x590	XML 1.0 document, ASCII text, with CRLF line terminators	0.44662921348314605

DLL	Import
ADVAPI32.dll	ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken
COMCTL32.DLL	LoadIconMetric
GDI32.dll	CreateFontIndirectW, DeleteObject, SelectObject
KERNEL32.dll	CloseHandle, CreateDirectoryW, CreateProcessW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetConsoleCtrlHandler, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte
msvcrt.dll	__argc, __lconv_init, __mb_cur_max, __p__commode, __p__fmode, __p__wcmdln, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _errno, _filelengthi64, _fileno, _findclose, _get_osfhandle, _initterm, _iob, _lock, _onexit, _setmode, _snwprintf, fwprintf, _unlock, _wcsdup, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wtempnam, abort, atoi, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fsetpos, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setbuf, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs, _wstat, _wfindnext, _wfindfirst, _stat, _wcsdup, _strdup, _getpid, _fileno
USER32.dll	CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongW, SystemParametersInfoW

Target ID:	0
Start time:	15:38:42
Start date:	14/03/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
Imagebase:	0x400000
File size:	47'825'152 bytes
MD5 hash:	CF15ED86315AB1A94996FB69EF157005
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	15:39:00
Start date:	14/03/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.29806.7109.exe
Imagebase:	0x400000
File size:	47'825'152 bytes
MD5 hash:	CF15ED86315AB1A94996FB69EF157005
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	15:39:03
Start date:	14/03/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	15:39:04
Start date:	14/03/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	15:39:06
Start date:	14/03/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\Desktop\electrum_data\blockchain_headers" 1
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Execution Coverage:	1.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.4%
Total number of Nodes:	1393
Total number of Limit Nodes:	36

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	308
Total number of Limit Nodes:	25

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Patched.29806.7109.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\MSVCP140_1.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Core.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5DBus.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Gui.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Multimedia.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Network.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5PrintSupport.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Qml.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5QmlModels.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Quick.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Svg.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5WebSockets.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\Qt5Widgets.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\d3dcompiler_47.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libEGL.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libGLESv2.dll

C:\Users\user\AppData\Local\Temp\_MEI68762\PyQt5\Qt5\bin\libeay32.dll

Windows Analysis Report
SecuriteInfo.com.Win32.Patched.29806.7109.exe

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre