Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Patched.24562.10289.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Patched.24562.10289.exe
Analysis ID:	1505139
MD5:	d430fb367b17fdd8a5f7fd72c16e0477
SHA1:	bd832259a3dd2e8d0c4e421bdf92c0a7b06f9049
SHA256:	3710df97f996f8f6390fa8b23bbafea03f2e7568bf00297f737324f380f06675
Tags:	exe
Infos:

Detection

Score:	45
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Generic Python Ransomware

Found Tor onion address

Found pyInstaller with non standard icon

Tries to steal Crypto Currency Wallets

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Patched.24562.10289.exe (PID: 7652 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe" MD5: D430FB367B17FDD8A5F7FD72C16E0477)

SecuriteInfo.com.Win32.Patched.24562.10289.exe (PID: 7948 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe" MD5: D430FB367B17FDD8A5F7FD72C16E0477)

cmd.exe (PID: 8100 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8160 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7268 cmdline: C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

fsutil.exe (PID: 5392 cmdline: fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1 MD5: 452CA7574A1B2550CD9FF83DDBE87463)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: SecuriteInfo.com.Win32.Patched.24562.10289.exe PID: 7948	JoeSecurity_GenericPythonRansomware	Yara detected Generic Python Ransomware	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A69AA40 ?connectToHostEncrypted@QSslSocket@@QAEXABVQString@@G0V?$QFlags@W4OpenModeFlag@QIODevice@@@@W4NetworkLayerProtocol@QAbstractSocket@@@Z,?isWarningEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?warning@QMessageLogger@@QBAXPBDZZ,?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z,??1QString@@QAE@XZ,??4QString@@QAEAAV0@ABV0@@Z,?isWarningEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?warning@QMessageLogger@@QBAXPBDZZ,	6_2_6A69AA40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A69EA90 ??0GeneratorParameters@QDtlsClientVerifier@@QAE@W4Algorithm@QCryptographicHash@@ABVQByteArray@@@Z,??0QByteArray@@QAE@ABV0@@Z,	6_2_6A69EA90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A69AB60 ?connectToHostEncrypted@QSslSocket@@QAEXABVQString@@GV?$QFlags@W4OpenModeFlag@QIODevice@@@@W4NetworkLayerProtocol@QAbstractSocket@@@Z,?isWarningEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?warning@QMessageLogger@@QBAXPBDZZ,?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z,??1QString@@QAE@XZ,?isWarningEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?warning@QMessageLogger@@QBAXPBDZZ,	6_2_6A69AB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6B8920 ?deriveKeyPbkdf2@QPasswordDigestor@@YA?AVQByteArray@@W4Algorithm@QCryptographicHash@@ABV2@1H_K@Z,?hashLength@QCryptographicHash@@SAHW4Algorithm@1@@Z,??0QMessageLogger@@QAE@PBDH0@Z,?warning@QMessageLogger@@QBE?AVQDebug@@XZ,??6QDebug@@QAEAAV0@PBD@Z,?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AAV1@HPBUQMetaObject@@PBD@Z,??1QDebug@@QAE@XZ,??1QDebug@@QAE@XZ,??6QDebug@@QAEAAV0@PBD@Z,??6QDebug@@QAEAAV0@_K@Z,??6QDebug@@QAEAAV0@PBD@Z,??6QDebug@@QAEAAV0@_K@Z,??6QDebug@@QAEAAV0@PBD@Z,??1QDebug@@QAE@XZ,??1QDebug@@QAE@XZ,??0QString@@QAE@XZ,??0QString@@QAE@XZ,??0QMessageAuthenticationCode@@QAE@W4Algorithm@QCryptographicHash@@ABVQByteArray@@@Z,??0QByteArray@@QAE@HW4Initialization@Qt@@@Z,?addData@QMessageAuthenticationCode@@QAEXABVQByteArray@@@Z,?result@QMessageAuthenticationCode@@QBE?AVQByteArray@@XZ,?reset@QMessageAuthenticationCode@@QAEXXZ,?addData@QMessageAuthenticationCode@@QAEXABVQByteArray@@@Z,?begin@QByteArray@@QAEPADXZ,?addData@QMessageAuthenticationCode@@QAEXABVQByteArray@@@Z,?result@QMessageAuthenticationCode@@QBE?AVQByteArray@@XZ,?reset@QMessageAuthenticationCode@@QAEXXZ,??0QByteArray@@QAE@ABV0@@Z,?addData@QMessageAuthenticationCode@@QAEXABVQByteArray@@@Z,?result@QMessageAuthenticationCode@@QBE?AVQByteArray@@XZ,??4QDateTime@@QAEAAV0@$$QAV0@@Z,??1QByteArray@@QAE@XZ,?reset@QMessageAuthenticationCode@@QAEXXZ,?begin@QByteArray@@QAEPADXZ,?data@QString@@QBEPBVQChar@@XZ,?cend@QByteArray@@QBEPBDXZ,?data@QString@@QBEPBVQChar@@XZ,?addData@QMessageAuthenticationCode@@QAEXABVQByteArray@@@Z,?result@QMessageAuthenticationCode@@QBE?AVQByteArray@@XZ,?reset@QMessageAuthenticationCode@@QAEXXZ,?append@QByteArray@@QAEAAV1@ABV1@@Z,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,?left@QByteArray@@QBE?AV1@H@Z,??1QByteArray@@QAE@XZ,??1QMessageAuthenticationCode@@QAE@XZ,??1QByteArray@@QAE@XZ,	6_2_6A6B8920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A69EED0 ?decryptDatagram@QDtls@@QAE?AVQByteArray@@PAVQUdpSocket@@ABV2@@Z,?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z,??4QString@@QAEAAV0@ABV0@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z,	6_2_6A69EED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A634E90 ??0QUrl@@QAE@ABV0@@Z,??0QString@@QAE@XZ,?setPassword@QUrl@@QAEXABVQString@@W4ParsingMode@1@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,?setFragment@QUrl@@QAEXABVQString@@W4ParsingMode@1@@Z,??1QString@@QAE@XZ,??0QCryptographicHash@@QAE@W4Algorithm@0@@Z,?toEncoded@QUrl@@QBE?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z,?addData@QCryptographicHash@@QAEXABVQByteArray@@@Z,??1QByteArray@@QAE@XZ,?result@QCryptographicHash@@QBE?AVQByteArray@@XZ,?data@QString@@QBEPBVQChar@@XZ,?number@QByteArray@@SA?AV1@_JH@Z,?left@QByteArray@@QBE?AV1@H@Z,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,?at@QByteArray@@QBEDH@Z,?data@QString@@QBEPBVQChar@@XZ,?data@QString@@QBEPBVQChar@@XZ,?number@QString@@SA?AV1@IH@Z,??0QString@@QAE@HW4Initialization@Qt@@@Z,?data@QString@@QBEPBVQChar@@XZ,?data@QString@@QBEPBVQChar@@XZ,memmove,??0QChar@@QAE@UQLatin1Char@@@Z,?appendLatin1To@QAbstractConcatenable@@KAXPBDHPAVQChar@@@Z,?appendLatin1To@QAbstractConcatenable@@KAXPBDHPAVQChar@@@Z,??1QString@@QAE@XZ,??1QByteArray@@QAE@XZ,??1QCryptographicHash@@QAE@XZ,??1QUrl@@QAE@XZ,	6_2_6A634E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A666C40 ?detach@QAuthenticator@@QAEXXZ,??0QString@@QAE@XZ,??0QString@@QAE@XZ,??0QString@@QAE@XZ,?shared_null@QHashData@@2U1@B,??0QString@@QAE@XZ,??0QString@@QAE@XZ,??0QString@@QAE@XZ,??0QString@@QAE@XZ,??0QString@@QAE@XZ,?system@QRandomGenerator64@@SAPAV1@XZ,?_fillRange@QRandomGenerator@@AAEXPAX0@Z,?number@QByteArray@@SA?AV1@_KH@Z,?hash@QCryptographicHash@@SA?AVQByteArray@@ABV2@W4Algorithm@1@@Z,?toHex@QByteArray@@QBE?AV1@XZ,??4QDateTime@@QAEAAV0@$$QAV0@@Z,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,	6_2_6A666C40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A69E240 ?waitForReadyRead@QSslSocket@@UAE_NH@Z,?start@QElapsedTimer@@QAEXXZ,?waitForEncrypted@QSslSocket@@QAE_NH@Z,?elapsed@QElapsedTimer@@QBE_JXZ,?qt_subtract_from_timeout@@YAHHH@Z,	6_2_6A69E240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A616370 ?encrypted@QNetworkAccessManager@@QAEXPAVQNetworkReply@@@Z,?staticMetaObject@QNetworkAccessManager@@2UQMetaObject@@B,?activate@QMetaObject@@SAXPAVQObject@@PBU1@HPAPAX@Z,	6_2_6A616370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A69E130 ?waitForEncrypted@QSslSocket@@QAE_NH@Z,?start@QElapsedTimer@@QAEXXZ,?state@QAbstractSocket@@QBE?AW4SocketState@1@XZ,?startClientEncryption@QSslSocket@@QAEXXZ,?elapsed@QElapsedTimer@@QBE_JXZ,?qt_subtract_from_timeout@@YAHHH@Z,	6_2_6A69E130

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\revealer\LICENSE_DEJAVU.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\revealer\SIL Open Font License.txt	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: certificate valid

Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354565423.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355359672.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2589869938.00000000695B3000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354396146.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb++" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2598818140.000000006C9E2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354975105.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592034048.0000000069624000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356563460.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb''! source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592425928.0000000069656000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2595934639.000000006BA71000.00000020.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2588912454.0000000069587000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354700958.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602297206.000000006FF65000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592425928.0000000069656000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356040749.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586346848.00000000694C7000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\pyexpat.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600737267.000000006CD4F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb(( source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600125221.000000006CC34000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_bz2.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2601200333.000000006CDBC000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354257486.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_asyncio.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599586764.000000006CA17000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584872500.0000000005317000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592816487.000000006A00B000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_socket.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600875298.000000006CD68000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:35 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600125221.000000006CC34000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb-- source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356563460.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb3 source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592816487.000000006A00B000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2595834503.000000006BA61000.00000020.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354700958.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602297206.000000006FF65000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602514838.0000000073C61000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_queue.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600593933.000000006CD23000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355499153.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\playlistformats\qtmultimedia_m3u.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358443027.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354257486.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597240669.000000006C339000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354837544.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\lib\Qt5Multimedia.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593981924.000000006A76A000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599790827.000000006CA82000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354975105.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592034048.0000000069624000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\python3.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586182529.0000000010000000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdbAA source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599790827.000000006CA82000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354396146.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2598818140.000000006C9E2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_hashlib.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599065056.000000006C9F5000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355125664.00000000024EA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2590911263.0000000069616000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2588912454.0000000069587000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2594610201.000000006AB31000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593243825.000000006A526000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355125664.00000000024EA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2590911263.0000000069616000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586624372.00000000694E3000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1335239147.00000000024E6000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_00408F20 FindFirstFileExW,FindClose,		1_2_00408F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_00408F20 FindFirstFileExW,FindClose,		6_2_00408F20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\vendor\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\	Jump to behavior

Networking

Found Tor onion address

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583816893.0000000004500000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: This lnurl callback_url looks unsafe. It must use 'https://' or '.onion' (found:
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583816893.0000000004500000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: This lnurl looks unsafe. It must use 'https://' or '.onion' (found:

Source: unknown

DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 6_2_6A68EA90 WSARecvFrom,WSAGetLastError,?clear@QHostAddress@@QAEXXZ,?clear@QHostAddress@@QAEXXZ,?setAddress@QHostAddress@@QAEXPBE@Z,?number@QString@@SA?AV1@IH@Z,?setScopeId@QHostAddress@@QAEXABVQString@@@Z,??1QString@@QAE@XZ,WSANtohl,?setAddress@QHostAddress@@QAEXI@Z,

6_2_6A68EA90

Source: global traffic

DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582930312.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe	String found in binary or memory: http://bugreports.qt.io/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581400054.00000000034B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue1230540
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356295590.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330347814.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357048693.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355535600.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358330012.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330364230.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCj
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCjj
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1507845690.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517934638.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1511578157.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591851264.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1506693280.0000000002D0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523574953.000000000087F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1506942500.0000000000880000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1506693280.0000000002D0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1506778070.0000000002D17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1506079847.0000000002C6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330364230.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357048693.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355535600.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358330012.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358479839.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330364230.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-a
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329367094.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-aj
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329367094.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-ajj
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356295590.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330347814.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357048693.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355535600.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330364230.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356295590.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330347814.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357048693.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355535600.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330364230.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462886230.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/License
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462886230.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585374931.0000000005920000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.electrum.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591510660.0000000003A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.electrum.org/r
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580764662.0000000003200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581260816.0000000003400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1507337416.0000000000888000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580714723.00000000031B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1508291858.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580653016.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/ActiveState/appdirs
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583962274.0000000004600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584035611.00000000046A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/romanz/amodem/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583962274.0000000004600000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/romanz/amodem/;
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528642852.000000000392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://httpbin.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://httpbin.org/post
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1458408323.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1459591765.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1460708940.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462243863.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462243863.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1459591765.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1458408323.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1460708940.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mynode.local:3002/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356295590.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330347814.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357048693.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355535600.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358330012.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330364230.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355896087.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498189548.0000000002CFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.000000000081D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579837855.0000000002E60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581716829.0000000003690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://python.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://python.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581716829.0000000003690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://python.org:80
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583816893.0000000004500000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommand
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000039BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommandFr
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579837855.0000000002E60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://unicode.org/reports/tr46/).
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584872500.0000000005317000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498189548.0000000002CFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.000000000081D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579888959.0000000002EA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CEC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002C6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584872500.0000000005317000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: http://www.color.org)
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000002F89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersCursivaHigh
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.0000000003A18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524643453.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591376227.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591899706.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Microsoft
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581400054.00000000034B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lincolnloop.com
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582966655.0000000003F00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nightmare.com/squirl/python-ext/misc/syslog.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353714154.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CEC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002C6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://yahoo.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3xpl.com/bitcoin/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583594237.0000000004360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/#/electrum-help
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585521218.0000000005A20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/2/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.0000000003AAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/2/c
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockchain.com/btc/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockchair.com/bitcoin/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockstream.info/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockstream.info/testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://btc.bitaps.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://btc.bitaps.com/r
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://btc.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue37179
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581400054.00000000034B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue42130
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597512220.000000006C39A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chainflyer.bitflyer.jp/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581827621.0000000003750000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585411153.0000000005960000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashhub.electrum.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582930312.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583740593.0000000004480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583740593.0000000004480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-configG
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528335797.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581863026.00000000037A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579405117.0000000002CB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579405117.0000000002CB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517242856.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1521036439.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523647364.0000000002FC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524685226.000000000305D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579950912.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517734718.0000000003022000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517242856.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581898769.00000000037E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585374931.0000000005920000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582966655.0000000003F00000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591510660.0000000003A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000039BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/#download
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/version
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/versionr
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ex.signet.bublina.eu.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://explorer.bc-2.jp/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580653016.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581827621.0000000003750000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581754093.00000000036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/200
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493848215.0000000000827000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493284127.00000000001FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492241928.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1499177635.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491385442.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490308483.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491802301.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490894645.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491504814.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497647994.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492512320.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498042646.000000000081E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582893667.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582966655.0000000003F00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bitcoin-core/HWI/blob/5f300d3dee7b317a6194680ad293eaa0962a3cc7/hwilib/key.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582930312.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bitcoin/bitcoin/blob/8cbc5c4be4be22aca228074f087a374a7ec38be8/src/script/script.h
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583112619.0000000004010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bitcoin/bitcoin/blob/master/src/script/descriptor.cpp
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583002832.0000000003F40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/btcsuite/btcd/blob/fdc2bc867bda6b351191b5872d2da8270df00d13/txscript/scriptbuilde
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583999285.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/digitalbitbox/bitbox02-firmware/tree/master/py/bitbox02
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583703354.0000000004440000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fiatjaf/lnurl-rfc/blob/luds/16.md
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579888959.0000000002EA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583039420.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/keis/base58
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583076129.0000000003FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580714723.00000000031B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1520553340.000000000300B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524269615.0000000003135000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-attrs/attrs/issues/136
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524269615.0000000003135000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-attrs/attrs/issues/428
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493848215.0000000000827000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493284127.00000000001FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492241928.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1499177635.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491385442.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490308483.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491802301.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490894645.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491504814.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497647994.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492512320.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498042646.000000000081E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581400054.00000000034B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86296
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/pull/28073
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581827621.0000000003750000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581573254.0000000003580000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/romis2012/aiohttp-socks/issues/27
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581863026.00000000037A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/romis2012/python-socks
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583853520.0000000004540000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/satoshilabs/slips/blob/master/slip-0039.md.
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583039420.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583039420.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum/issues
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583225136.00000000040D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stefankoegl/python-json-patch
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583225136.00000000040D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stefankoegl/python-json-patchng
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493848215.0000000000827000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493284127.00000000001FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492241928.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1499177635.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491385442.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490308483.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491802301.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490894645.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491504814.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497647994.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492512320.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498042646.000000000081E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582757109.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528642852.000000000392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003163000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://insight.bitpay.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524685226.000000000305D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.blockcypher.com/btc-testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.blockcypher.com/btc/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528335797.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492947254.0000000000800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524341335.00000000030E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.00000000030F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.emzy.de/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/signet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/x
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://oxt.me/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580653016.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582930312.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497759033.0000000002C94000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497458279.0000000002C7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signet-explorer.wakiyamap.dev/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signet.bitcoinexplorer.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524341335.00000000030E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581573254.0000000003580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581400054.00000000034B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/13624858
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517734718.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523647364.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591376227.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517734718.0000000003022000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1521292676.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591899706.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517242856.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1521036439.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523647364.0000000002FC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524685226.000000000305D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tbtc.bitaps.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://testnet.smartbit.com.au/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003163000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583002832.0000000003F40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5155#section-5
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582757109.0000000003D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582757109.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582720835.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1508291858.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523574953.000000000087F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524269615.0000000003135000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.python.org/moin/DunderAlias
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581791806.0000000003710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.attrs.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.blockchain.com/btc-testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.blockonomics.co/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.chain.so/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1336737782.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.6T6X6
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1331062848.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354420059.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1323649307.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327288411.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354993131.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1329348310.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327269550.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1325816040.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358579533.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356582327.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355170283.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356378009.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1336782875.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.j
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1336782875.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.jj
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003163000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528335797.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492947254.0000000000800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524341335.00000000030E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.00000000030F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578984098.0000000002B40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578984098.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491719086.0000000000841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591376227.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591899706.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zopeinterface.readthedocs.io/en/latest/

Spam, unwanted Advertisements and Ransom Demands

Yara detected Generic Python Ransomware

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.Win32.Patched.24562.10289.exe PID: 7948, type: MEMORYSTR

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_00409949	1_2_00409949
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_004131C0	1_2_004131C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_00410A20	1_2_00410A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_00414570	1_2_00414570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_004095E6	1_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_004095E6	1_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_0040A670	1_2_0040A670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_0040AF90	1_2_0040AF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_00409949	6_2_00409949
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_004131C0	6_2_004131C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_00410A20	6_2_00410A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_00414570	6_2_00414570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_004095E6	6_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_004095E6	6_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0040A670	6_2_0040A670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0040AF90	6_2_0040AF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_04FBB4F0	6_2_04FBB4F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0505AC70	6_2_0505AC70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_04FBD1B0	6_2_04FBD1B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_05122890	6_2_05122890
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0505AB20	6_2_0505AB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_050D9390	6_2_050D9390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_050283B0	6_2_050283B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_05024A80	6_2_05024A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695D7930	6_2_695D7930
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695E3820	6_2_695E3820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695ED090	6_2_695ED090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695D80A0	6_2_695D80A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695C1560	6_2_695C1560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695C2D80	6_2_695C2D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695ED4C0	6_2_695ED4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695CCF36	6_2_695CCF36
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A638A50	6_2_6A638A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A66ABF0	6_2_6A66ABF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A64AC70	6_2_6A64AC70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A642D30	6_2_6A642D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A636070	6_2_6A636070

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: String function: 00402F90 appears 214 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: String function: 00402ED0 appears 132 times

Source: _overlapped.pyd.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: libzbar-0.dll.1.dr	Static PE information: Number of sections : 11 > 10
Source: libusb-1.0.dll.1.dr	Static PE information: Number of sections : 11 > 10

Source: python3.dll.1.dr

Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: Qt5Core.dll.1.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: libsecp256k1-2.dll.1.dr	Static PE information: Section: .rdata ZLIB complexity 0.9982626488095238

Source: classification engine

Classification label: mal45.rans.spyw.evad.winEXE@14/874@1/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 1_2_004086F0 FormatMessageW,WideCharToMultiByte,GetLastError,

1_2_004086F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 6_2_6A6B23B0 ?shared_null@QListData@@2UData@1@B,CertOpenSystemStoreW,CertFindCertificateInStore,CertFindCertificateInStore,??0QByteArray@@QAE@PBDH@Z,??0QSslCertificate@@QAE@ABVQByteArray@@W4EncodingFormat@QSsl@@@Z,??0QSslCertificate@@QAE@ABV0@@Z,??0QSslCertificate@@QAE@ABV0@@Z,?append@QListData@@QAEPAPAXXZ,??1QSslCertificate@@QAE@XZ,??1QByteArray@@QAE@XZ,CertFindCertificateInStore,CertCloseStore,

6_2_6A6B23B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File created: C:\Users\user\AppData\Roaming\Electrum

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7284:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5multimedia.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libegl.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libglesv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File opened: C:\Users\user\Desktop\pyvenv.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static file information: File size 47764104 > 1048576

Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354565423.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355359672.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2589869938.00000000695B3000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354396146.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb++" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2598818140.000000006C9E2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354975105.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592034048.0000000069624000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356563460.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb''! source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592425928.0000000069656000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2595934639.000000006BA71000.00000020.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2588912454.0000000069587000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354700958.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602297206.000000006FF65000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592425928.0000000069656000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356040749.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586346848.00000000694C7000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\pyexpat.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600737267.000000006CD4F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb(( source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600125221.000000006CC34000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_bz2.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2601200333.000000006CDBC000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354257486.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_asyncio.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599586764.000000006CA17000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584872500.0000000005317000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592816487.000000006A00B000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_socket.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600875298.000000006CD68000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:35 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600125221.000000006CC34000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb-- source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356563460.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb3 source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592816487.000000006A00B000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2595834503.000000006BA61000.00000020.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354700958.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602297206.000000006FF65000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602514838.0000000073C61000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_queue.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600593933.000000006CD23000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355499153.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\playlistformats\qtmultimedia_m3u.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358443027.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354257486.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597097623.000000006C301000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_sqlite3.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597240669.000000006C339000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354837544.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\lib\Qt5Multimedia.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593981924.000000006A76A000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599790827.000000006CA82000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354975105.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592034048.0000000069624000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\python3.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586182529.0000000010000000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdbAA source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599790827.000000006CA82000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354396146.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2598818140.000000006C9E2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_hashlib.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599065056.000000006C9F5000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355125664.00000000024EA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2590911263.0000000069616000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2588912454.0000000069587000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2594610201.000000006AB31000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593243825.000000006A526000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355125664.00000000024EA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2590911263.0000000069616000.00000002.00000001.01000000.00000034.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586624372.00000000694E3000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1335239147.00000000024E6000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 1_2_004014F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_004014F0

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe	Static PE information: section name: /4
Source: MSVCP140.dll.1.dr	Static PE information: section name: .didat
Source: Qt5Core.dll.1.dr	Static PE information: section name: .qtmimed
Source: opengl32sw.dll.1.dr	Static PE information: section name: _RDATA
Source: qtaudio_wasapi.dll.1.dr	Static PE information: section name: .qtmetad
Source: qtaudio_windows.dll.1.dr	Static PE information: section name: .qtmetad
Source: qgenericbearer.dll.1.dr	Static PE information: section name: .qtmetad
Source: qtuiotouchplugin.dll.1.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.1.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.1.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.1.dr	Static PE information: section name: .qtmetad
Source: qico.dll.1.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.1.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.1.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.1.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.1.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.1.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.1.dr	Static PE information: section name: .qtmetad
Source: dsengine.dll.1.dr	Static PE information: section name: .qtmetad
Source: qtmedia_audioengine.dll.1.dr	Static PE information: section name: .qtmetad
Source: wmfengine.dll.1.dr	Static PE information: section name: .qtmetad
Source: qminimal.dll.1.dr	Static PE information: section name: .qtmetad
Source: qoffscreen.dll.1.dr	Static PE information: section name: .qtmetad
Source: qwebgl.dll.1.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.1.dr	Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.1.dr	Static PE information: section name: .qtmetad
Source: qtmultimedia_m3u.dll.1.dr	Static PE information: section name: .qtmetad
Source: windowsprintersupport.dll.1.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.1.dr	Static PE information: section name: .qtmetad
Source: libcrypto-1_1.dll.1.dr	Static PE information: section name: .00cfg
Source: libsecp256k1-2.dll.1.dr	Static PE information: section name: /4
Source: libssl-1_1.dll.1.dr	Static PE information: section name: .00cfg
Source: libusb-1.0.dll.1.dr	Static PE information: section name: /4
Source: libzbar-0.dll.1.dr	Static PE information: section name: /4
Source: python310.dll.1.dr	Static PE information: section name: PyRuntim

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_004208BF push 41100E0Ah; ret	1_2_004208E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_0041B970 push ds; ret	1_2_0041B978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_0041C3EB push ebx; iretd	1_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_0041C467 push ebx; iretd	1_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_004208BF push 41100E0Ah; ret	6_2_004208E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0041B970 push ds; ret	6_2_0041B978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0041C3EB push ebx; iretd	6_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0041C467 push ebx; iretd	6_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695F0556 push ecx; ret	6_2_695F0569
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8A6B push FFFFFF8Bh; iretd	6_2_6A6A8A73
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8A34 push 8B6A6D37h; iretd	6_2_6A6A8A3C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8ADF push FFFFFF8Bh; iretd	6_2_6A6A8AE1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8AA8 push FFFFFF8Bh; iretd	6_2_6A6A8AAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8B7E push FFFFFF8Bh; iretd	6_2_6A6A8B86
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8B47 push FFFFFF8Bh; iretd	6_2_6A6A8B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8B10 push FFFFFF8Bh; iretd	6_2_6A6A8B18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8BE8 push FFFFFF8Bh; iretd	6_2_6A6A8BF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8BB5 push FFFFFF8Bh; iretd	6_2_6A6A8BBD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8870 push FFFFFF8Bh; iretd	6_2_6A6A8884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A884B push FFFFFF8Bh; iretd	6_2_6A6A884D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A880E push FFFFFF8Bh; iretd	6_2_6A6A8816
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A88DA push FFFFFF8Bh; iretd	6_2_6A6A88F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A88A3 push FFFFFF8Bh; iretd	6_2_6A6A88BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8948 push FFFFFF8Bh; iretd	6_2_6A6A8960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8911 push FFFFFF8Bh; iretd	6_2_6A6A8929
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A89FD push FFFFFF8Bh; iretd	6_2_6A6A8A05
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A89C6 push FFFFFF8Bh; iretd	6_2_6A6A89CE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8995 push FFFFFF8Bh; iretd	6_2_6A6A8997
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A6E6D push FFFFFF8Bh; iretd	6_2_6A6A6E85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A8E70 push FFFFFF8Bh; iretd	6_2_6A6A8E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6A6E42 push FFFFFF8Bh; iretd	6_2_6A6A6E4E

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Process created: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtPrintSupport.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\sip.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\python310.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\libzbar-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtNetwork.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtMultimedia.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Multimedia.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\libsecp256k1-2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5PrintSupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\hid.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_cffi_backend.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI76522\_queue.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\revealer\LICENSE_DEJAVU.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\revealer\SIL Open Font License.txt	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 1_2_00406D50 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00406D50

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Window / User API: foregroundWindowGot 493

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\sip.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtPrintSupport.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\python310.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\libzbar-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtNetwork.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtMultimedia.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\libsecp256k1-2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5PrintSupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\hid.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_cffi_backend.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76522\_queue.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_1-19743

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	API coverage: 8.0 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	API coverage: 0.7 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_00408F20 FindFirstFileExW,FindClose,		1_2_00408F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_00408F20 FindFirstFileExW,FindClose,		6_2_00408F20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\vendor\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user~1\AppData\Local\Temp\_MEI76522\electrum\plugins\payserver\www\	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585047863.0000000005528000.00000008.00000001.01000000.00000025.sdmp

Binary or memory string: .?AVQEmulationPaintEngine@@

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 6_2_695F03E8 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

6_2_695F03E8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 1_2_004014F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_004014F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit,	1_2_0040117C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	1_2_00401170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 1_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	1_2_004011B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit,	6_2_0040117C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	6_2_00401170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	6_2_004011B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_0531420F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_0531420F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695EF85F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_695EF85F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_695F03E8 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_695F03E8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 6_2_695EF5C6 cpuid

6_2_695EF5C6

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 6_2_695F059B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

6_2_695F059B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\forks	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\recent_servers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\certs	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\cache\CoinGecko_EUR	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\cache	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\forks	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\forks\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\certs	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\cache	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Windows\SysWOW64\fsutil.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A692A40 ?isListening@QLocalServer@@QBE_NXZ,WaitForSingleObject,	6_2_6A692A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A684A30 ?writeDatagram@QUdpSocket@@QAE_JPBD_JABVQHostAddress@@G@Z,??0QHostAddress@@QAE@W4SpecialAddress@0@@Z,??1QHostAddress@@QAE@XZ,?state@QAbstractSocket@@QBE?AW4SocketState@1@XZ,?bind@QAbstractSocket@@QAE_NGV?$QFlags@W4BindFlag@QAbstractSocket@@@@@Z,??0QHostAddress@@QAE@XZ,??0QSslPreSharedKeyAuthenticator@@QAE@ABV0@@Z,??1QHostAddress@@QAE@XZ,??1QHostAddress@@QAE@XZ,?bytesWritten@QIODevice@@QAEX_J@Z,?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,	6_2_6A684A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A690840 ?isListening@QLocalServer@@QBE_NXZ,	6_2_6A690840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A690850 ?listen@QLocalServer@@QAE_NABVQString@@@Z,??0QMessageLogger@@QAE@PBDH0@Z,?warning@QMessageLogger@@QBAXPBDZZ,??0QString@@QAE@VQLatin1String@@@Z,?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z,??0QChar@@QAE@UQLatin1Char@@@Z,?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z,??4QDateTime@@QAEAAV0@$$QAV0@@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?clear@QString@@QAEXXZ,?clear@QString@@QAEXXZ,??4QString@@QAEAAV0@ABV0@@Z,	6_2_6A690850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A630800 ?startsWith@QString@@QBE_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z,?property@QObject@@QBE?AVQVariant@@PBD@Z,?setProperty@QObject@@QAE_NPBDABVQVariant@@@Z,??1QVariant@@QAE@XZ,?isListening@QTcpServer@@QBE_NXZ,?listen@QTcpServer@@QAE_NABVQHostAddress@@G@Z,?serverPort@QTcpServer@@QBEGXZ,	6_2_6A630800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A6848F0 ?writeDatagram@QUdpSocket@@QAE_JABVQNetworkDatagram@@@Z,?destinationAddress@QNetworkDatagram@@QBE?AVQHostAddress@@XZ,??0QHostAddress@@QAE@W4SpecialAddress@0@@Z,??1QHostAddress@@QAE@XZ,??1QHostAddress@@QAE@XZ,?state@QAbstractSocket@@QBE?AW4SocketState@1@XZ,?bind@QAbstractSocket@@QAE_NGV?$QFlags@W4BindFlag@QAbstractSocket@@@@@Z,?data@QString@@QBEPBVQChar@@XZ,?bytesWritten@QIODevice@@QAEX_J@Z,??1QString@@QAE@XZ,	6_2_6A6848F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A690970 ?listen@QLocalServer@@QAE_NH@Z,??0QMessageLogger@@QAE@PBDH0@Z,?warning@QMessageLogger@@QBAXPBDZZ,?clear@QString@@QAEXXZ,?clear@QString@@QAEXXZ,	6_2_6A690970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 6_2_6A686C50 ??0QHostAddress@@QAE@XZ,?protocol@QHostAddress@@QBE?AW4NetworkLayerProtocol@QAbstractSocket@@XZ,??4QHostAddress@@QAEAAV0@W4SpecialAddress@0@@Z,??4QHostAddress@@QAEAAV0@ABV0@@Z,?error@QDnsLookup@@QBE?AW4Error@1@XZ,?error@QDnsLookup@@QBE?AW4Error@1@XZ,?bind@QAbstractSocket@@QAE_NABVQHostAddress@@GV?$QFlags@W4BindFlag@QAbstractSocket@@@@@Z,?errorString@QIODevice@@QBE?AVQString@@XZ,?error@QAbstractSocket@@QBE?AW4SocketError@1@XZ,?localAddress@QAbstractSocket@@QBE?AVQHostAddress@@XZ,??1QHostAddress@@QAE@XZ,?localPort@QAbstractSocket@@QBEGXZ,??4QHostAddress@@QAEAAV0@ABV0@@Z,?start@QElapsedTimer@@QAEXXZ,?port@QNetworkProxy@@QBEGXZ,?hostName@QNetworkProxy@@QBE?AVQString@@XZ,??1QString@@QAE@XZ,?state@QAbstractSocket@@QBE?AW4SocketState@1@XZ,??1QHostAddress@@QAE@XZ,??4QHostAddress@@QAEAAV0@ABV0@@Z,??0QHostAddress@@QAE@XZ,??1QHostAddress@@QAE@XZ,??1QHostAddress@@QAE@XZ,??0QString@@QAE@VQLatin1String@@@Z,??1QString@@QAE@XZ,??1QHostAddress@@QAE@XZ,	6_2_6A686C50

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Install Root Certificate	LSA Secrets	23 System Information Discovery	SSH	Keylogging	1 Proxy	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Patched.24562.10289.exe	3%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5DBus.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Gui.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Multimedia.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Network.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5PrintSupport.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Qml.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5QmlModels.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Quick.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Svg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5WebSockets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Widgets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libeay32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\opengl32sw.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\ssleay32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qgif.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qicns.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qico.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qsvg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qtga.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qtiff.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\imageformats\qwebp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qminimal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qwebgl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platforms\qwindows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtCore.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtGui.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtMultimedia.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtNetwork.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtPrintSupport.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\QtWidgets.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\sip.cp310-win32.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_asyncio.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_cffi_backend.cp310-win32.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_overlapped.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\_uuid.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\bitbox02\communication\generated\backup_commands_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\bitbox02\communication\generated\bitbox02_system_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\bitbox02\communication\generated\btc_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI76522\bitbox02\communication\generated\common_pb2.pyi	0%	ReversingLabs

Source	Detection	Scanner	Label
https://httpbin.org/get	0%	URL Reputation	safe
http://jqueryui.com	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION	0%	Avira URL Cloud	safe
https://github.com/romis2012/aiohttp-socks/issues/27	0%	Avira URL Cloud	safe
https://cloud.google.com/appengine/docs/standard/runtimes	0%	Avira URL Cloud	safe
https://github.com/aio-libs/aiohttp/discussions/6044	0%	Avira URL Cloud	safe
http://github.com/romanz/amodem/;	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	0%	Avira URL Cloud	safe
http://bugs.python.org/issue1230540	0%	Avira URL Cloud	safe
https://testnet.smartbit.com.au/	0%	Avira URL Cloud	safe
http://python.org	0%	Avira URL Cloud	safe
http://www.openssl.org/V	0%	URL Reputation	safe
https://httpbin.org/post	0%	URL Reputation	safe
https://github.com/bitcoin/bitcoin/blob/master/src/script/descriptor.cpp	0%	Avira URL Cloud	safe
https://github.com/stefankoegl/python-json-patchng	0%	Avira URL Cloud	safe
https://tools.ietf.org/html/rfc2388#section-4.4	0%	Avira URL Cloud	safe
http://python.org:80	0%	Avira URL Cloud	safe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	0%	Avira URL Cloud	safe
https://github.com/pypa/packaging	0%	Avira URL Cloud	safe
https://github.com/satoshilabs/slips/blob/master/slip-0039.md.	0%	Avira URL Cloud	safe
https://refspecs.linuxfoundation.org/elf/gabi4	0%	Avira URL Cloud	safe
http://bugreports.qt.io/	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol	0%	Avira URL Cloud	safe
http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm	0%	Avira URL Cloud	safe
https://github.com/romis2012/python-socks	0%	Avira URL Cloud	safe
http://docs.python.org/3/library/subprocess#subprocess.Popen.kill	0%	Avira URL Cloud	safe
https://github.com/python-attrs/attrs/issues/136	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Microsoft	0%	Avira URL Cloud	safe
https://github.com/spesmilo/electrum	0%	Avira URL Cloud	safe
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode	0%	Avira URL Cloud	safe
https://zopeinterface.readthedocs.io/en/latest/	0%	Avira URL Cloud	safe
https://www.digicert.jj	0%	Avira URL Cloud	safe
https://oxt.me/	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	0%	Avira URL Cloud	safe
http://httpbin.org/	0%	Avira URL Cloud	safe
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	0%	Avira URL Cloud	safe
http://docs.electrum.org/r	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/pprint.html	0%	Avira URL Cloud	safe
https://api.trustedcoin.com/2/	0%	Avira URL Cloud	safe
https://mempool.space/testnet/	0%	Avira URL Cloud	safe
https://btc.com/	0%	Avira URL Cloud	safe
https://electrum.org/version	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	0%	Avira URL Cloud	safe
https://httpbin.org/	0%	Avira URL Cloud	safe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	0%	Avira URL Cloud	safe
http://www.color.org)	0%	Avira URL Cloud	safe
https://github.com/keis/base58	0%	Avira URL Cloud	safe
http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommandFr	0%	Avira URL Cloud	safe
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	0%	Avira URL Cloud	safe
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/re.html	0%	Avira URL Cloud	safe
http://github.com/ActiveState/appdirs	0%	Avira URL Cloud	safe
https://live.blockcypher.com/btc/	0%	Avira URL Cloud	safe
https://mempool.emzy.de/	0%	Avira URL Cloud	safe
https://wiki.debian.org/XDGBaseDirectorySpecification#state	0%	Avira URL Cloud	safe
http://wwwsearch.sf.net/):	0%	Avira URL Cloud	safe
http://tools.ietf.org/html/rfc6125#section-6.4.3	0%	Avira URL Cloud	safe
https://btc.bitaps.com/r	0%	Avira URL Cloud	safe
https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault	0%	Avira URL Cloud	safe
https://cffi.readthedocs.io/en/latest/using.html#callbacks	0%	Avira URL Cloud	safe
https://bugs.python.org/issue37179	0%	Avira URL Cloud	safe
https://blockchain.com/btc/	0%	Avira URL Cloud	safe
https://blockchair.com/bitcoin/	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	0%	Avira URL Cloud	safe
https://github.com/jaraco/jaraco.functools/issues/5	0%	Avira URL Cloud	safe
http://github.com/romanz/amodem/	0%	Avira URL Cloud	safe
https://mempool.space/	0%	Avira URL Cloud	safe
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	0%	Avira URL Cloud	safe
http://dejavu.sourceforge.net/wiki/index.php/License	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/issues	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	0%	Avira URL Cloud	safe
https://www.attrs.org/	0%	Avira URL Cloud	safe
http://google.com/	0%	Avira URL Cloud	safe
https://mahler:8092/site-updates.py	0%	Avira URL Cloud	safe
https://blockstream.info/	0%	Avira URL Cloud	safe
https://chainflyer.bitflyer.jp/	0%	Avira URL Cloud	safe
https://insight.bitpay.com/	0%	Avira URL Cloud	safe
https://mempool.space/signet/	0%	Avira URL Cloud	safe
https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-configG	0%	Avira URL Cloud	safe
http://.../back.jpeg	0%	Avira URL Cloud	safe
https://www.python.org/download/releases/2.3/mro/.	0%	Avira URL Cloud	safe
https://github.com	0%	Avira URL Cloud	safe
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/asyncio-eventloop.html	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw	0%	Avira URL Cloud	safe
https://www.digicert.j	0%	Avira URL Cloud	safe
https://github.com/Ousret/charset_normalizer	0%	Avira URL Cloud	safe
https://electrum.org/	0%	Avira URL Cloud	safe
http://python.org/	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/497	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/re.html#re.sub	0%	Avira URL Cloud	safe
https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/200	0%	Avira URL Cloud	safe
http://yahoo.com/	0%	Avira URL Cloud	safe
https://electrum.org/versionr	0%	Avira URL Cloud	safe
https://blockstream.info/testnet/	0%	Avira URL Cloud	safe
https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1	0%	Avira URL Cloud	safe
https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular	0%	Avira URL Cloud	safe
http://unicode.org/reports/tr46/).	0%	Avira URL Cloud	safe
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
15.164.165.52.in-addr.arpa	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/romanz/amodem/;	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583962274.0000000004600000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581898769.00000000037E0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cloud.google.com/appengine/docs/standard/runtimes	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581827621.0000000003750000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://bugs.python.org/issue1230540	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581400054.00000000034B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://testnet.smartbit.com.au/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1458408323.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1459591765.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1460708940.00000000024E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462243863.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/aio-libs/aiohttp/discussions/6044	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/romis2012/aiohttp-socks/issues/27	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581827621.0000000003750000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581573254.0000000003580000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1459591765.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://python.org	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581716829.0000000003690000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://python.org:80	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581716829.0000000003690000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493848215.0000000000827000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493284127.00000000001FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492241928.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1499177635.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491385442.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490308483.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491802301.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490894645.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491504814.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497647994.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492512320.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498042646.000000000081E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/stefankoegl/python-json-patchng	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583225136.00000000040D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://bugreports.qt.io/	SecuriteInfo.com.Win32.Patched.24562.10289.exe	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc2388#section-4.4	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003163000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pypa/packaging	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580714723.00000000031B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/satoshilabs/slips/blob/master/slip-0039.md.	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583853520.0000000004540000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/bitcoin/bitcoin/blob/master/src/script/descriptor.cpp	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583112619.0000000004010000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://refspecs.linuxfoundation.org/elf/gabi4	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580653016.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1458408323.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.python.org/3/library/subprocess#subprocess.Popen.kill	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580764662.0000000003200000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.0000000003A18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/Microsoft	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.digicert.jj	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1336782875.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python-attrs/attrs/issues/136	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524269615.0000000003135000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://oxt.me/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581260816.0000000003400000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/spesmilo/electrum	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583039420.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/romis2012/python-socks	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581863026.00000000037A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://zopeinterface.readthedocs.io/en/latest/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591376227.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591899706.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/pprint.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579405117.0000000002CB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/get	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://httpbin.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.electrum.org/r	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591510660.0000000003A78000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497759033.0000000002C94000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497458279.0000000002C7D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.trustedcoin.com/2/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585521218.0000000005A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://electrum.org/version	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://btc.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493848215.0000000000827000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493284127.00000000001FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492241928.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1499177635.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491385442.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490308483.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491802301.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490894645.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491504814.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497647994.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492512320.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498042646.000000000081E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.space/testnet/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CEC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002C6F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/keis/base58	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583039420.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommandFr	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000039BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.color.org)	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584872500.0000000005317000.00000002.00000001.01000000.00000025.sdmp	false	Avira URL Cloud: safe	unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493848215.0000000000827000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1493284127.00000000001FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492241928.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1499177635.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491385442.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498239523.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490197089.0000000002456000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490308483.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491802301.0000000000803000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1490894645.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491504814.000000000082D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1497647994.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492512320.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498042646.000000000081E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/re.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517242856.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1521036439.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523647364.0000000002FC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524685226.000000000305D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://github.com/ActiveState/appdirs	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1508291858.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580653016.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://live.blockcypher.com/btc/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.emzy.de/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wiki.debian.org/XDGBaseDirectorySpecification#state	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1508291858.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523574953.000000000087F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://wwwsearch.sf.net/):	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579837855.0000000002E60000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583740593.0000000004480000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://btc.bitaps.com/r	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cffi.readthedocs.io/en/latest/using.html#callbacks	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597512220.000000006C39A000.00000002.00000001.01000000.0000001A.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462243863.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bugs.python.org/issue37179	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockchain.com/btc/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockchair.com/bitcoin/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.space/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/jaraco/jaraco.functools/issues/5	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579888959.0000000002EA0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1494521580.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://github.com/romanz/amodem/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583962274.0000000004600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2584035611.00000000046A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002CEC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1498473286.0000000002C6F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://dejavu.sourceforge.net/wiki/index.php/License	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1462886230.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pyca/cryptography/issues	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583076129.0000000003FC0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.attrs.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581791806.0000000003710000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://google.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578332810.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528642852.000000000392A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chainflyer.bitflyer.jp/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mahler:8092/site-updates.py	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528335797.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1492947254.0000000000800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524341335.00000000030E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.00000000030F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockstream.info/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.space/signet/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://insight.bitpay.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581681370.0000000003640000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://.../back.jpeg	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582930312.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/V	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353714154.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-configG	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2583740593.0000000004480000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.python.org/download/releases/2.3/mro/.	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2578984098.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1491719086.0000000000841000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581827621.0000000003750000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581754093.00000000036D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582757109.0000000003D30000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/asyncio-eventloop.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528335797.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581863026.00000000037A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1460708940.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/post	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003163000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003163000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://python.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003145000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.digicert.j	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1336782875.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Ousret/charset_normalizer	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://electrum.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000039BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/urllib3/urllib3/issues/497	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582757109.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1528642852.000000000392A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/re.html#re.sub	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2579950912.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517734718.0000000003022000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517242856.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/200	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582930312.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockstream.info/testnet/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2581646325.0000000003600000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523906255.00000000030DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://unicode.org/reports/tr46/).	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2580091208.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000003132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590734268.0000000003122000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1532252642.0000000003122000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://yahoo.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517734718.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523647364.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591376227.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517734718.0000000003022000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1521292676.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591899706.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1517242856.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1521036439.000000000305D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1523647364.0000000002FC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524685226.000000000305D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1524643453.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591376227.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591899706.0000000003051000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1591612678.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1590862643.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000003.1530042500.000000000305D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://electrum.org/versionr	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585484853.00000000059E0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1505139
Start date and time:	2024-09-05 20:27:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.Patched.24562.10289.exe
Detection:	MAL
Classification:	mal45.rans.spyw.evad.winEXE@14/874@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 77% Number of executed functions: 45 Number of non-executed functions: 371
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe, UsoClient.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
VT rate limit hit for: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Simulations

Behavior and APIs

Time	Type	Description
15:42:38	API Interceptor	26x Sleep call for process: SecuriteInfo.com.Win32.Patched.24562.10289.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140.dll	fr#U0435#U0435#U041a#U041cS#U0410ut#U043e#U279cN#U0435t#U279cP#U043ert#U0430bl#U0435##U28e4.zip.7z	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Patched.29806.7109.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	https://files.jalinga.com/builds/releases/jalinga_studio.4.0.2040.0.exe	Get hash	malicious	Unknown	Browse
	MedMooc.exe	Get hash	malicious	Unknown	Browse
	FileZilla_3.52.2_win64_sponsored-setup.exe	Get hash	malicious	Unknown	Browse
	f_026dfd.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140_1.dll	Browser.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Patched.29806.7109.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	https://files.jalinga.com/builds/releases/jalinga_studio.4.0.2040.0.exe	Get hash	malicious	Unknown	Browse
	CABPRansom.exe	Get hash	malicious	Unknown	Browse
	MedMooc.exe	Get hash	malicious	Unknown	Browse

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353714154.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamessleay32.dllH vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1353935513.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtaudio_wasapi.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1328851196.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5QmlModels.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357348485.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqoffscreen.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354117294.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtaudio_windows.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355850762.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1322886977.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358561580.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewindowsprintersupport.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330180278.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358309816.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1324867978.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5DBus.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1322640578.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356295590.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedsengine.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1330347814.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5WebSockets.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358330012.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357624359.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebgl.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355640405.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354863666.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354975105.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1327561232.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5PrintSupport.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358443027.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtmultimedia_m3u.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354396146.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtuiotouchplugin.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356563460.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtmedia_audioengine.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1335273224.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1358679724.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356803857.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewmfengine.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354565423.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvgicon.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354700958.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355499153.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1354837544.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1357030922.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqminimal.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1335239147.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1356040749.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000001.00000003.1355359672.00000000024E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586182529.0000000010000000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600793966.000000006CD57000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2596007447.000000006BADB000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2601261514.000000006CDC0000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593392537.000000006A570000.00000002.00000001.01000000.0000002C.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597157942.000000006C31A000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: OriginalFilenamesqlite3.dll0 vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2585118457.0000000005533000.00000002.00000001.01000000.00000025.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602351901.000000006FF68000.00000002.00000001.01000000.00000031.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592311313.0000000069639000.00000002.00000001.01000000.00000032.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602569991.0000000073C71000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2591629140.000000006961B000.00000002.00000001.01000000.00000034.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586830831.00000000694E6000.00000002.00000001.01000000.00000039.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2588229485.0000000069556000.00000002.00000001.01000000.00000037.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592509324.000000006965F000.00000002.00000001.01000000.00000030.sdmp	Binary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2582049925.0000000003B73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameD3D10Warp.dllj% vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2587309842.0000000069544000.00000002.00000001.01000000.00000038.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2601827179.000000006D1CC000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamepython310.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602215425.000000006EC17000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2586443101.00000000694D4000.00000002.00000001.01000000.0000003A.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2594049092.000000006A7AB000.00000002.00000001.01000000.00000029.sdmp	Binary or memory string: OriginalFilenameQt5Multimedia.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600510142.000000006CD0F000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2599685800.000000006CA1C000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593098527.000000006A093000.00000002.00000001.01000000.0000002F.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2600932143.000000006CD6F000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2601973308.000000006E926000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2597295354.000000006C33F000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2602461223.000000006FF76000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2601109898.000000006CDA2000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2594793727.000000006AC96000.00000002.00000001.01000000.00000027.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2592144411.0000000069628000.00000002.00000001.01000000.00000033.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000006.00000002.2593882611.000000006A704000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: OriginalFilenameQt5Network.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	454128
Entropy (8bit):	6.669498628019609
Encrypted:	false
SSDEEP:	12288:y9vcHNFaPZ2Jj/gMvpbUUtQgTCZuGre6gIo1hUgiW6QR7t5s03Ooc8dHkC2esrVx:ytcHNa2Jj/g4bUUtQgTn6g003Ooc8dHE
MD5:	ECEFF9C92E14B580EA84365F3D60F7DE
SHA1:	00699126456379FA48CB122E21B7F4731A72C57C
SHA-256:	265591A709A5DB413D73C95B538DA321EDEACB40059BDCEB142F997A3D458B49
SHA-512:	FD325D77EB2C30E1CD1B2D871986E057318C1BE911793521C7BF79FB2C5DC359CB7DB90C6D6C5711FEDD734B6B03117B8BAF241DFBD78585CF55A25983EC8727
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: fr#U0435#U0435#U041a#U041cS#U0410ut#U043e#U279cN#U0435t#U279cP#U043ert#U0430bl#U0435##U28e4.zip.7z, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.Patched.29806.7109.exe, Detection: malicious, Browse Filename: electrum-4.5.3-setup.exe, Detection: malicious, Browse Filename: electrum-4.5.3.exe, Detection: malicious, Browse Filename: BEwkwcQFOA.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: MedMooc.exe, Detection: malicious, Browse Filename: FileZilla_3.52.2_win64_sponsored-setup.exe, Detection: malicious, Browse Filename: f_026dfd.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mw`...3...3...3C..3...3.t.3...3...36..3<c.2...3<c.2...3<c.2...3<c.2g..3<c.2...3<c.3...3<c.2...3Rich...3........PE..L.....t^.........."!.....:...................P......................................_Y....@A.........................z...................................A.......;...z..8...........................Xy..@....................v..@....................text....9.......:.................. ..`.data...t(...P.......>..............@....idata...............V..............@..@.didat..4............j..............@....rsrc................l..............@..@.reloc...;.......<...p..............@..B................................................................................................................................................................................................................................................................................

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.998115015420231
TrID:	Win32 Executable (generic) a (10002005/4) 99.53% InstallShield setup (43055/19) 0.43% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.Patched.24562.10289.exe
File size:	47'764'104 bytes
MD5:	d430fb367b17fdd8a5f7fd72c16e0477
SHA1:	bd832259a3dd2e8d0c4e421bdf92c0a7b06f9049
SHA256:	3710df97f996f8f6390fa8b23bbafea03f2e7568bf00297f737324f380f06675
SHA512:	255c2888007b0236c70c74293995e23a78f921a6712abaffefccd4d4a85c5ce1a3d1d7e40e60fc3fcfc194c979e9d4497860f4572b75b16d8d55304bfc18652f
SSDEEP:	786432:MF8WWxUd9d1LRphkc3FphiWGlso5EYWAFPMUcgDB2hREoBdImGIcmdK1RdiG+udQ:MF8WWxU9ddRzFphiZd5EXUcgD4hAIzsY
TLSH:	8CA733C68DB20073F422057BACD5FDF1873E12E8AB76842BDA39045765BBCE1195263B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n05[........../....#.j........................@..........................`.......C.....................................

Entrypoint:	0x4014b0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x5B35306E [Thu Jun 28 19:01:02 2018 UTC]
TLS Callbacks:	0x40d830, 0x40d7e0
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e9d858bf5cc2b22933333fd98518c716

Signature Valid:	true
Signature Issuer:	CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1, O=EnVers Group SIA, C=LV
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	08/05/2024 02:00:00 08/05/2025 01:59:59
Subject Chain	CN=Electrum Technologies GmbH, O=Electrum Technologies GmbH, L=Berlin, S=Berlin, C=DE
Version:	3
Thumbprint MD5:	147702A38DDFCC9690E07814BB328522
Thumbprint SHA-1:	BFF7076B4C517AEE0E3D2CCAA7F894C2399010CF
Thumbprint SHA-256:	2FC8F7385221D01B0010390F40A0653A72CF36EFE729B8FF21FBF8F1C458385F
Serial:	0207B0D2256E682FD464B51556AD55A7

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x31000	0x10dc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x10148	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2d8aa68	0x2820
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1d9e4	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x31304	0x278	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x16844	0x16a00	bfa94cc0c6fba6cfbec218f12bae7497	False	0.49559737569060774	data	6.147093437333147	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x18000	0x7c	0x200	5f248157483c9031b1f144a8f35a67cd	False	0.158203125	data	1.0951453424827384	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x19000	0x5ab8	0x5c00	aacd1e7ef1965ac5f96b9f65821eebe5	False	0.4833984375	data	6.42318523882154	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
/4	0x1f000	0x282c	0x2a00	5ade56e21c5cc0870eed26c14dc73992	False	0.31156994047619047	data	4.885403344130252	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x22000	0xecb4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x31000	0x10dc	0x1200	1a0f376f0f1923d8b6ac09985cd92d62	False	0.3878038194444444	PGP symmetric key encrypted data - Plaintext or unencrypted data	5.130264530707902	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x33000	0x34	0x200	3d6d77b813b142a365114d8d26628b28	False	0.0703125	Matlab v4 mat-file (little endian) \220\327@, numeric, rows 4198704, columns 0	0.2709192282599745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x34000	0x8	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x35000	0x11000	0x10200	3b12c52c6e1917222adab677428556b6	False	0.6228197674418605	data	6.0401874871081915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x35208	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.38853790613718414
RT_ICON	0x35ab0	0x6d06	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9946255822285919
RT_ICON	0x3c7b8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	0.2696622579121398
RT_ICON	0x409e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.34315352697095436
RT_ICON	0x42f88	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.38672607879924953
RT_ICON	0x44030	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 0	0.5866279069767442
RT_ICON	0x446e8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.5328014184397163
RT_GROUP_ICON	0x44b50	0x68	data	0.7596153846153846
RT_MANIFEST	0x44bb8	0x590	XML 1.0 document, ASCII text, with CRLF line terminators	0.44662921348314605

DLL	Import
ADVAPI32.dll	ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken
COMCTL32.DLL	LoadIconMetric
GDI32.dll	CreateFontIndirectW, DeleteObject, SelectObject
KERNEL32.dll	CloseHandle, CreateDirectoryW, CreateProcessW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetConsoleCtrlHandler, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte
msvcrt.dll	__argc, __lconv_init, __mb_cur_max, __p__commode, __p__fmode, __p__wcmdln, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _errno, _filelengthi64, _fileno, _findclose, _get_osfhandle, _initterm, _iob, _lock, _onexit, _setmode, _snwprintf, fwprintf, _unlock, _wcsdup, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wtempnam, abort, atoi, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fsetpos, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setbuf, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs, _wstat, _wfindnext, _wfindfirst, _stat, _wcsdup, _strdup, _getpid, _fileno
USER32.dll	CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongW, SystemParametersInfoW

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 5, 2024 20:28:49.045609951 CEST	53	62282	162.159.36.2	192.168.2.7
Sep 5, 2024 20:28:49.510045052 CEST	59340	53	192.168.2.7	1.1.1.1
Sep 5, 2024 20:28:49.517741919 CEST	53	59340	1.1.1.1	192.168.2.7

Target ID:	1
Start time:	14:28:16
Start date:	05/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Imagebase:	0x400000
File size:	47'764'104 bytes
MD5 hash:	D430FB367B17FDD8A5F7FD72C16E0477
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	6
Start time:	15:42:27
Start date:	05/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Imagebase:	0x400000
File size:	47'764'104 bytes
MD5 hash:	D430FB367B17FDD8A5F7FD72C16E0477
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	8
Start time:	15:42:31
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x730000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	15:42:32
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	11
Start time:	15:42:33
Start date:	05/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	12
Start time:	15:42:36
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	14
Start time:	15:42:37
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\fsutil.exe
Wow64 process (32bit):	true
Commandline:	fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Imagebase:	0xcd0000
File size:	167'440 bytes
MD5 hash:	452CA7574A1B2550CD9FF83DDBE87463
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Execution Coverage:	1.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.5%
Total number of Nodes:	1391
Total number of Limit Nodes:	32

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	308
Total number of Limit Nodes:	25

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Patched.24562.10289.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\MSVCP140_1.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Core.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5DBus.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Gui.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Multimedia.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Network.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5PrintSupport.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Qml.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5QmlModels.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Quick.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Svg.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5WebSockets.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\Qt5Widgets.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\d3dcompiler_47.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libEGL.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libGLESv2.dll

C:\Users\user\AppData\Local\Temp\_MEI76522\PyQt5\Qt5\bin\libeay32.dll

Windows Analysis Report
SecuriteInfo.com.Win32.Patched.24562.10289.exe

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre