Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Patched.24562.10289.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Patched.24562.10289.exe
Analysis ID:	1505139
MD5:	d430fb367b17fdd8a5f7fd72c16e0477
SHA1:	bd832259a3dd2e8d0c4e421bdf92c0a7b06f9049
SHA256:	3710df97f996f8f6390fa8b23bbafea03f2e7568bf00297f737324f380f06675
Tags:	exe
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Generic Python Ransomware

Found many strings related to Crypto-Wallets (likely being stolen)

Found pyInstaller with non standard icon

Tries to steal Crypto Currency Wallets

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Patched.24562.10289.exe (PID: 4268 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe" MD5: D430FB367B17FDD8A5F7FD72C16E0477)

SecuriteInfo.com.Win32.Patched.24562.10289.exe (PID: 6848 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe" MD5: D430FB367B17FDD8A5F7FD72C16E0477)

cmd.exe (PID: 5340 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5540 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6984 cmdline: C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

fsutil.exe (PID: 7060 cmdline: fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1 MD5: 452CA7574A1B2550CD9FF83DDBE87463)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: SecuriteInfo.com.Win32.Patched.24562.10289.exe PID: 6848	JoeSecurity_GenericPythonRansomware	Yara detected Generic Python Ransomware	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_046BE670 ??1QCryptographicHash@@QAE@XZ,	3_2_046BE670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0470A160 ?hash@QMessageAuthenticationCode@@SA?AVQByteArray@@ABV2@0W4Algorithm@QCryptographicHash@@@Z,	3_2_0470A160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_046BE3D0 ?hashLength@QCryptographicHash@@SAHW4Algorithm@1@@Z,PyLong_FromLong,	3_2_046BE3D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0470ACB0 ??0QByteArray@@QAE@XZ,??0QMessageAuthenticationCode@@QAE@W4Algorithm@QCryptographicHash@@ABVQByteArray@@@Z,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,	3_2_0470ACB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_046BE860 ??1QCryptographicHash@@QAE@XZ,	3_2_046BE860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_046BEB00 ??0QCryptographicHash@@QAE@W4Algorithm@0@@Z,	3_2_046BEB00

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\electrum\plugins\revealer\LICENSE_DEJAVU.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\electrum\plugins\revealer\SIL Open Font License.txt	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: certificate valid

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905161824.0000000068CC0000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055936180.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2031031108.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055791942.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055357295.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb++" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055357295.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905161824.0000000068CC0000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056325812.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917882469.000000006F8AB000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3918392629.000000006F901000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7mupx30s\src\rust\target\i686-pc-windows-msvc\release\deps\cryptography_rust.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_queue.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917365415.000000006F833000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917882469.000000006F8AB000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_overlapped.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3916772173.000000006F715000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915332521.000000006C342000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057608412.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lblobi2d_providedcrypto\asn1\i2d_evp.ci2d_PrivateKeycrypto\passphrase.cossl_pw_set_passphraseossl_pw_set_pem_password_cbossl_pw_set_ossl_passphrase_cbossl_pw_set_ui_methoddo_ui_passphrasepass phraseossl_pw_get_passphrasePrompt info data type incorrectNo password method specifiedPVKcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllcrypto\initthread.cOPENSSL_ia32capp? source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056325812.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb(( source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055519714.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055549105.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915735484.000000006C4F4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdbAA source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915332521.000000006C342000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055791942.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056471003.0000000000D8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3914567980.000000006C2AC000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3909730644.000000006A351000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055519714.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055549105.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3907773060.0000000069D46000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056471003.0000000000D8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3907517422.0000000069863000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:35 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915735484.000000006C4F4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: lalgorpublic_keyX509_PUBKEYcrypto\x509\x_pubkey.cx509_pubkey_ex_new_exx509_pubkey_ex_d2i_exDERX509_PUBKEY_setx509_pubkey_decodeX509_PUBKEY_get0X509_PUBKEY_getPrivateKeyInfodo_pk8pkeycrypto\pem\pem_pk8.cd2i_PKCS8PrivateKey_bioENCRYPTED PRIVATE KEYPRIVATE KEYpem_read_bio_key_decodercrypto\pem\pem_pkey.cANY PRIVATE KEYPARAMETERSpem_read_bio_key_legacyPEM_write_bio_PrivateKey_traditional%s PRIVATE KEYtype-specificcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.1built on: Fri Feb 16 00:14:00 2024 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files (x86)\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_00408F20 FindFirstFileExW,FindClose,		0_2_00408F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_00408F20 FindFirstFileExW,FindClose,		3_2_00408F20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\iconengines\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\bearer\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\generic\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152216416.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116343186.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2118038383.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113801665.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147192887.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154473704.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150094671.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134684168.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2167159991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111465597.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134747715.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143852805.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175827518.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.jqueryui.com/category/theming/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue1230540
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2040035116.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiC
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057627179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056093216.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056513023.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060832278.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2036784771.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060615124.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056356309.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037918321.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2222059296.00000000007AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2222525289.0000000002CDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2223804553.0000000002CDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224764305.0000000002CDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099408343.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057627179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056093216.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060832278.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2036784771.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2039579699.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042352227.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060615124.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056356309.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037918321.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037918321.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-a
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057627179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056093216.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056513023.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060832278.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2036784771.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060615124.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056356309.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037918321.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057627179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056093216.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056513023.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060832278.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2036784771.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060615124.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056356309.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037918321.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176484279.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/License
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176484279.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903630723.00000000058B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.electrum.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2273385825.0000000003A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.electrum.org/r
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896415516.0000000003200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896557254.00000000032C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220401057.0000000002C82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://example.co
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3902672259.0000000004FF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3901013988.0000000004600000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/romanz/amodem/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3901013988.0000000004600000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/romanz/amodem/;
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237691242.00000000038FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://httpbin.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://httpbin.org/post
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099219936.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jacek.jedrzejewski.name)
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152216416.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116343186.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2118038383.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113801665.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147192887.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154473704.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150094671.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134684168.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2167159991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111465597.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134747715.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143852805.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175827518.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jquery.org/license
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175438895.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2169936868.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132718277.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147029780.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2149774289.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2101351693.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2124497148.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157496095.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138256366.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152003824.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2119531424.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132875943.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113608155.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099219936.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/about
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2100775372.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2101568342.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107513088.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=no
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111465597.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111314261.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerR
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2118038383.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2117876145.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.3em&cornerR
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2164195030.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2164458335.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Georgia%2CVerdana%2CArial%2Csans-serif&fwDefault=bold&fsD
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2127832677.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2127589116.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Gill%20Sans%2CArial%2Csans-serif&fwDefault=bold&fsDefault
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2124497148.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2124734450.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=bold&fsDefault=1
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175438895.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132718277.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132875943.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134684168.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134747715.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175827518.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2149774289.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138256366.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2119531424.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113608155.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2149714750.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113801665.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150094671.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2119698960.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Lucida%20Grande%2CLucida%20Sans%2CArial%2Csans-serif&fwDe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2169936868.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160528690.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2167159991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2166882820.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2140992867.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143852805.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143874303.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143677772.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143655574.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CHelvetica%2CArial%2Csans-serif&fwDefault
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147029780.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147192887.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172549878.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157496095.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152003824.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152216416.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116343186.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116148125.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2109909892.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152185790.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2110058462.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2151981294.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154473704.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2121932084.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2122170611.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154262493.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=segoe%20ui%2CArial%2Csans-serif&fwDefault=bold&fsDefault=
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mynode.local:3002/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057627179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056093216.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056513023.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060832278.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2036784771.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2039579699.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060615124.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058028143.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056356309.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037918321.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2034584391.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895685466.0000000002E60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2215977916.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://python.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2177165283.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sc.symcb.com/sc.crl0W
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2177165283.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sc.symcb.com/sc.crt0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2177165283.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sc.symcd.com0&
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176298438.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questi
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176244493.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questi---
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176244493.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176298438.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/18729405/how-to-convert-utf8-string-to-byte-array
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2098316225.0000000000D90000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2098216909.0000000000D90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/29186154/chrome-clicking-mailto-links-closes-websocket-connection
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2273425021.0000000003A12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommandFr
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895685466.0000000002E60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895737140.0000000002EA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2215977916.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237001042.000000000303F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Microsoft
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2177467444.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055166286.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa04
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmr.link
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://yahoo.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3xpl.com/bitcoin/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2097439164.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2097418553.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://EditorConfig.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903170065.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/#/electrum-help
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2182448111.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903955364.00000000059B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/2/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897866466.0000000003AFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.trustedcoin.com/2/c
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockchain.com/btc/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockchair.com/bitcoin/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockstream.info/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blockstream.info/testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://btc.bitaps.com/r
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://btc.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897094882.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue37179
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue42130
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chainflyer.bitflyer.jp/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897605402.00000000038B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cryptoname.co/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897094882.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2238525775.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2241356534.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242545938.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2238525775.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2241356534.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242545938.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224960603.0000000003042000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224608904.0000000003003000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224960603.0000000003042000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903630723.00000000058B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2273385825.0000000003A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2273425021.0000000003A12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903873170.0000000005970000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/#download
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903873170.0000000005970000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/version
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903873170.0000000005970000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electrum.org/versionr
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://en.w
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ex.signet.bublina.eu.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://explorer.bc-2.jp/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896322584.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897282305.00000000036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093273663.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blockstream/Jade)
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093273663.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blockstream/Jade/releases/tag/1.0.29).
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903873170.0000000005970000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/200
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2096935865.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2096131809.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2096059627.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2096131809.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/LedgerHQ/ledgercomm/blob/bc5ada865980cb63c2b9b71a916e01f2f8e53716/ledgercomm/inte
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2204274538.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206879957.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897094882.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178553184.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/archos-safe-t/python-safet
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3898987186.0000000003E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bitcoin-core/HWI/blob/5f300d3dee7b317a6194680ad293eaa0962a3cc7/hwilib/key.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895737140.0000000002EA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099408343.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery-ui
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2094497437.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/keepkey/python-keepkey
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues/9253
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242545938.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-attrs/attrs/issues/136
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-attrs/attrs/issues/428
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894963625.0000000002810000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206847907.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2204274538.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206879957.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86296
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897094882.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/pull/28073
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897605402.00000000038B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/romis2012/python-socks
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899180485.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899180485.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum/issues
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2094168117.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2094260180.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spesmilo/electrum/issues/7779
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stefankoegl/python-json-patch
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stefankoegl/python-json-patchng
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stefankoegl/python-json-pointer
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2204274538.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206879957.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178138454.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178111626.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/trezor/trezor-common/blob/44dfb07cfaafffada4b2ce0d15ba1d90d17cf35e/protob/types.p
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2179830252.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/trezor/trezor-firmware/issues/1167
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2180420002.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178634254.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178553184.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/trezor/trezor-mcu/pull/306
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897513932.0000000003830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/1323#issuecomment-362494839
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3898810999.0000000003D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://insight.bitpay.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099408343.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.blockcypher.com/btc-testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://live.blockcypher.com/btc/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.emzy.de/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/signet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mempool.space/testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://openalias.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://oxt.me/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2180335412.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/trezor/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896322584.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2177418259.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://revealer.cc/revealer-warning-and-upgrade/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178553184.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://safe-t.io
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2213963496.0000000002C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signet.bitcoinexplorer.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2233339753.0000000003117000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/13624858
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2238525775.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2241356534.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242545938.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224608904.0000000003003000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224960603.0000000003042000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://swaps.electrum.org/api
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://swaps.electrum.org/testnet
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tbtc.bitaps.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://testnet.smartbit.com.au/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237866786.0000000003905000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3898810999.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237691242.00000000038FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237691242.00000000038FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2180335412.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wallet.trezor.io
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.python.org/moin/DunderAlias
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.blockchain.com/btc-testnet/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.blockonomics.co/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.chain.so/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042352227.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.6T6X6
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037439173.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057109951.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055386544.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2035607926.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2058382952.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060722436.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037888801.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056974458.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042379807.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033835991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2094497437.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.keepkey.com
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896953265.00000000034F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0506/
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895122046.0000000002B10000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205721333.0000000000776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zopeinterface.readthedocs.io/en/latest/

Spam, unwanted Advertisements and Ransom Demands

Yara detected Generic Python Ransomware

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.Win32.Patched.24562.10289.exe PID: 6848, type: MEMORYSTR

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_00409949	0_2_00409949
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_004131C0	0_2_004131C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_00410A20	0_2_00410A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_00414570	0_2_00414570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_004095E6	0_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_004095E6	0_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_0040A670	0_2_0040A670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_0040AF90	0_2_0040AF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_00409949	3_2_00409949
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_004131C0	3_2_004131C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_00410A20	3_2_00410A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_00414570	3_2_00414570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_004095E6	3_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_004095E6	3_2_004095E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0040A670	3_2_0040A670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0040AF90	3_2_0040AF90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: String function: 00402ED0 appears 132 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: String function: 00402F90 appears 214 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: String function: 04759483 appears 88 times

Source: _overlapped.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: libzbar-0.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libusb-1.0.dll.0.dr	Static PE information: Number of sections : 11 > 10

Source: python3.dll.0.dr

Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: Qt5Core.dll.0.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: libsecp256k1-2.dll.0.dr	Static PE information: Section: .rdata ZLIB complexity 0.9982626488095238

Source: classification engine

Classification label: mal60.rans.spyw.winEXE@14/874@0/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 0_2_004086F0 FormatMessageW,WideCharToMultiByte,GetLastError,

0_2_004086F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File created: C:\Users\user\AppData\Roaming\Electrum

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5284:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI42682

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5multimedia.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libegl.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: libglesv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

File opened: C:\Users\user\Desktop\pyvenv.cfg

Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Static file information: File size 47764104 > 1048576

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905161824.0000000068CC0000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055936180.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2031031108.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055791942.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055357295.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_wasapi.pdb++" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055357295.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057256179.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905161824.0000000068CC0000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056325812.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917882469.000000006F8AB000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3918392629.000000006F901000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7mupx30s\src\rust\target\i686-pc-windows-msvc\release\deps\cryptography_rust.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_queue.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917365415.000000006F833000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917882469.000000006F8AB000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\_overlapped.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3916772173.000000006F715000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915332521.000000006C342000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057608412.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lblobi2d_providedcrypto\asn1\i2d_evp.ci2d_PrivateKeycrypto\passphrase.cossl_pw_set_passphraseossl_pw_set_pem_password_cbossl_pw_set_ossl_passphrase_cbossl_pw_set_ui_methoddo_ui_passphrasepass phraseossl_pw_get_passphrasePrompt info data type incorrectNo password method specifiedPVKcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllcrypto\initthread.cOPENSSL_ia32capp? source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056325812.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb(( source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055519714.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055549105.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915735484.000000006C4F4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdbAA source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915332521.000000006C342000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055658515.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb"" source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055791942.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056471003.0000000000D8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3914567980.000000006C2AC000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3909730644.000000006A351000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\audio\qtaudio_windows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055519714.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055549105.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3907773060.0000000069D46000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056471003.0000000000D8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3907517422.0000000069863000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:35 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3915735484.000000006C4F4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: lalgorpublic_keyX509_PUBKEYcrypto\x509\x_pubkey.cx509_pubkey_ex_new_exx509_pubkey_ex_d2i_exDERX509_PUBKEY_setx509_pubkey_decodeX509_PUBKEY_get0X509_PUBKEY_getPrivateKeyInfodo_pk8pkeycrypto\pem\pem_pk8.cd2i_PKCS8PrivateKey_bioENCRYPTED PRIVATE KEYPRIVATE KEYpem_read_bio_key_decodercrypto\pem\pem_pkey.cANY PRIVATE KEYPARAMETERSpem_read_bio_key_legacyPEM_write_bio_PrivateKey_traditional%s PRIVATE KEYtype-specificcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.1built on: Fri Feb 16 00:14:00 2024 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files (x86)\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 0_2_004014F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004014F0

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe	Static PE information: section name: /4
Source: MSVCP140.dll.0.dr	Static PE information: section name: .didat
Source: Qt5Core.dll.0.dr	Static PE information: section name: .qtmimed
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: qtaudio_wasapi.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtaudio_windows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgenericbearer.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtuiotouchplugin.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: dsengine.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtmedia_audioengine.dll.0.dr	Static PE information: section name: .qtmetad
Source: wmfengine.dll.0.dr	Static PE information: section name: .qtmetad
Source: qminimal.dll.0.dr	Static PE information: section name: .qtmetad
Source: qoffscreen.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebgl.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtmultimedia_m3u.dll.0.dr	Static PE information: section name: .qtmetad
Source: windowsprintersupport.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libsecp256k1-2.dll.0.dr	Static PE information: section name: /4
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libusb-1.0.dll.0.dr	Static PE information: section name: /4
Source: libzbar-0.dll.0.dr	Static PE information: section name: /4
Source: python310.dll.0.dr	Static PE information: section name: PyRuntim

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_004208BF push 41100E0Ah; ret	0_2_004208E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_0041B970 push ds; ret	0_2_0041B978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_0041C3EB push ebx; iretd	0_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_0041C467 push ebx; iretd	0_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_004208BF push 41100E0Ah; ret	3_2_004208E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0041B970 push ds; ret	3_2_0041B978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0041C3EB push ebx; iretd	3_2_0041C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0041C467 push ebx; iretd	3_2_0041C470

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Process created: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\libsecp256k1-2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\sip.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\libzbar-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\hid.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\python310.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtPrintSupport.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5PrintSupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtNetwork.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_cffi_backend.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Multimedia.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtMultimedia.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\electrum\plugins\payserver\www\vendor\jquery-ui-themes-1.12.1\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\electrum\plugins\revealer\LICENSE_DEJAVU.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI42682\electrum\plugins\revealer\SIL Open Font License.txt	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 0_2_00406D50 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00406D50

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Window / User API: foregroundWindowGot 687

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\libsecp256k1-2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\sip.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\libzbar-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\hid.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\python310.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtPrintSupport.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5PrintSupport.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_cffi_backend.cp310-win32.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtNetwork.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtMultimedia.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-19792

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	API coverage: 8.6 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	API coverage: 0.9 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_00408F20 FindFirstFileExW,FindClose,		0_2_00408F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_00408F20 FindFirstFileExW,FindClose,		3_2_00408F20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\iconengines\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\bearer\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\generic\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\	Jump to behavior

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093102510.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093148044.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: # Maybe look for Jade Qemu simulator if the vars are set (experimental)
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093102510.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093148044.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: # For testing with qemu simulator (experimental)
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093102510.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093148044.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: id_='Jade Qemu Simulator',
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3911192477.000000006B0F8000.00000008.00000001.01000000.00000025.sdmp	Binary or memory string: j.?AVQEmulationPaintEngine@@
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3911192477.000000006B0F8000.00000008.00000001.01000000.00000025.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 3_2_0475A3AE IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

3_2_0475A3AE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 0_2_004014F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004014F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit,	0_2_0040117C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	0_2_00401170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 0_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	0_2_004011B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit,	3_2_0040117C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	3_2_00401170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,	3_2_004011B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0475A0AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_0475A0AB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Code function: 3_2_0475A3AE IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0475A3AE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\fsutil.exe fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 3_2_0475A1CD cpuid

3_2_0475A1CD

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Code function: 3_2_0475A554 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

3_2_0475A554

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe	String found in binary or memory: tagged by Electrum@7263a49129d14db288a01b0b9d569422baddf5e1
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2183288451.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "btc.electroncash.dk": {
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2096059627.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: def get_singlesig_default_wallet_policy(self, addr_type: 'AddressType', account: int) -> 'WalletPolicy':
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895225954.0000000002B90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: safetlib.messages.EthereumAddress
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2095753362.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: registers_keystore = ('hardware', 'ledger', _("Ledger wallet"))

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\forks	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\recent_servers	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\certs	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\cache\CoinGecko_EUR	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\cache	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\forks	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\forks\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\certs	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\cache	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\config	Jump to behavior
Source: C:\Windows\SysWOW64\fsutil.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\blockchain_headers	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	2 Data from Local System	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	23 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Patched.24562.10289.exe	3%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5DBus.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Gui.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Multimedia.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Network.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5PrintSupport.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Qml.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5QmlModels.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Quick.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Svg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5WebSockets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Widgets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libeay32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\opengl32sw.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\ssleay32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\qtaudio_wasapi.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\audio\qtaudio_windows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\bearer\qgenericbearer.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qgif.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qicns.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qico.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qsvg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qtga.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qtiff.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\imageformats\qwebp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\dsengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\qtmedia_audioengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\mediaservice\wmfengine.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qminimal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qwebgl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platforms\qwindows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\playlistformats\qtmultimedia_m3u.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\printsupport\windowsprintersupport.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtCore.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtGui.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtMultimedia.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtNetwork.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtPrintSupport.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\QtWidgets.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\sip.cp310-win32.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_asyncio.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_cffi_backend.cp310-win32.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_overlapped.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\_uuid.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\bitbox02\communication\generated\backup_commands_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\bitbox02\communication\generated\bitbox02_system_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\bitbox02\communication\generated\btc_pb2.pyi	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI42682\bitbox02\communication\generated\common_pb2.pyi	0%	ReversingLabs

Source	Detection	Scanner	Label
https://httpbin.org/get	0%	URL Reputation	safe
https://www.python.org/dev/peps/pep-0506/	0%	Avira URL Cloud	safe
http://www.openssl.org/V	0%	URL Reputation	safe
https://EditorConfig.org	0%	Avira URL Cloud	safe
http://api.jqueryui.com/category/theming/	0%	Avira URL Cloud	safe
https://github.com/keepkey/python-keepkey	0%	Avira URL Cloud	safe
http://github.com/romanz/amodem/;	0%	Avira URL Cloud	safe
https://cloud.google.com/appengine/docs/standard/runtimes	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/issues/8996	0%	Avira URL Cloud	safe
https://testnet.smartbit.com.au/	0%	Avira URL Cloud	safe
http://jqueryui.com	0%	Avira URL Cloud	safe
http://bugs.python.org/issue1230540	0%	Avira URL Cloud	safe
https://httpbin.org/post	0%	URL Reputation	safe
https://github.com/aio-libs/aiohttp/discussions/6044	0%	Avira URL Cloud	safe
https://github.com/stefankoegl/python-json-pointer	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerR	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	0%	Avira URL Cloud	safe
https://github.com/stefankoegl/python-json-patchng	0%	Avira URL Cloud	safe
https://github.com/Blockstream/Jade)	0%	Avira URL Cloud	safe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	0%	Avira URL Cloud	safe
https://tools.ietf.org/html/rfc2388#section-4.4	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1	0%	Avira URL Cloud	safe
http://www.opensource.org/licenses/mit-license.php	0%	Avira URL Cloud	safe
https://refspecs.linuxfoundation.org/elf/gabi4	0%	Avira URL Cloud	safe
http://docs.python.org/3/library/subprocess#subprocess.Popen.kill	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.3em&cornerR	0%	Avira URL Cloud	safe
https://github.com/python-attrs/attrs/issues/136	0%	Avira URL Cloud	safe
https://github.com/romis2012/python-socks	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Microsoft	0%	Avira URL Cloud	safe
https://oxt.me/	0%	Avira URL Cloud	safe
https://zopeinterface.readthedocs.io/en/latest/	0%	Avira URL Cloud	safe
https://github.com/spesmilo/electrum	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/pprint.html	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	0%	Avira URL Cloud	safe
http://httpbin.org/	0%	Avira URL Cloud	safe
http://jacek.jedrzejewski.name)	0%	Avira URL Cloud	safe
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	0%	Avira URL Cloud	safe
https://api.trustedcoin.com/2/	0%	Avira URL Cloud	safe
https://electrum.org/version	0%	Avira URL Cloud	safe
http://docs.electrum.org/r	0%	Avira URL Cloud	safe
https://btc.com/	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	0%	Avira URL Cloud	safe
https://mempool.space/testnet/	0%	Avira URL Cloud	safe
https://httpbin.org/	0%	Avira URL Cloud	safe
http://xmr.link	0%	Avira URL Cloud	safe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	0%	Avira URL Cloud	safe
http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommandFr	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=no	0%	Avira URL Cloud	safe
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file	0%	Avira URL Cloud	safe
http://www.symauth.com/cps0(	0%	Avira URL Cloud	safe
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	0%	Avira URL Cloud	safe
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	0%	Avira URL Cloud	safe
https://jquery.org/	0%	Avira URL Cloud	safe
https://live.blockcypher.com/btc/	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/re.html	0%	Avira URL Cloud	safe
https://wiki.debian.org/XDGBaseDirectorySpecification#state	0%	Avira URL Cloud	safe
http://wwwsearch.sf.net/):	0%	Avira URL Cloud	safe
https://mempool.emzy.de/	0%	Avira URL Cloud	safe
https://btc.bitaps.com/r	0%	Avira URL Cloud	safe
http://tools.ietf.org/html/rfc6125#section-6.4.3	0%	Avira URL Cloud	safe
https://wallet.trezor.io	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault	0%	Avira URL Cloud	safe
https://github.com/trezor/trezor-mcu/pull/306	0%	Avira URL Cloud	safe
https://blockchain.com/btc/	0%	Avira URL Cloud	safe
http://stackoverflow.com/questi	0%	Avira URL Cloud	safe
https://bugs.python.org/issue37179	0%	Avira URL Cloud	safe
https://blockchair.com/bitcoin/	0%	Avira URL Cloud	safe
https://mempool.space/	0%	Avira URL Cloud	safe
http://github.com/romanz/amodem/	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	0%	Avira URL Cloud	safe
https://github.com/jaraco/jaraco.functools/issues/5	0%	Avira URL Cloud	safe
http://www.symauth.com/rpa04	0%	Avira URL Cloud	safe
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	0%	Avira URL Cloud	safe
http://dejavu.sourceforge.net/wiki/index.php/License	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/issues	0%	Avira URL Cloud	safe
https://www.keepkey.com	0%	Avira URL Cloud	safe
http://stackoverflow.com/questions/18729405/how-to-convert-utf8-string-to-byte-array	0%	Avira URL Cloud	safe
http://example.co	0%	Avira URL Cloud	safe
https://chainflyer.bitflyer.jp/	0%	Avira URL Cloud	safe
https://mahler:8092/site-updates.py	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	0%	Avira URL Cloud	safe
http://google.com/	0%	Avira URL Cloud	safe
https://blockstream.info/	0%	Avira URL Cloud	safe
https://github.com/trezor/trezor-common/blob/44dfb07cfaafffada4b2ce0d15ba1d90d17cf35e/protob/types.p	0%	Avira URL Cloud	safe
https://mempool.space/signet/	0%	Avira URL Cloud	safe
https://insight.bitpay.com/	0%	Avira URL Cloud	safe
https://github.com	0%	Avira URL Cloud	safe
https://www.python.org/download/releases/2.3/mro/.	0%	Avira URL Cloud	safe
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy	0%	Avira URL Cloud	safe
http://jquery.org/license	0%	Avira URL Cloud	safe
https://docs.python.org/3/library/asyncio-eventloop.html	0%	Avira URL Cloud	safe
https://github.com/jquery/jquery-ui	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Georgia%2CVerdana%2CArial%2Csans-serif&fwDefault=bold&fsD	0%	Avira URL Cloud	safe
http://python.org/	0%	Avira URL Cloud	safe
https://github.com/trezor/trezor-firmware/issues/1167	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw	0%	Avira URL Cloud	safe
https://github.com/Ousret/charset_normalizer	0%	Avira URL Cloud	safe
https://en.w	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/romanz/amodem/;	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3901013988.0000000004600000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://EditorConfig.org	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2097439164.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2097418553.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pyca/cryptography/issues/8996	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://cloud.google.com/appengine/docs/standard/runtimes	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897605402.00000000038B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://bugs.python.org/issue1230540	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/keepkey/python-keepkey	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2094497437.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://testnet.smartbit.com.au/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.python.org/dev/peps/pep-0506/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896953265.00000000034F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175438895.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2169936868.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132718277.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147029780.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2149774289.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2101351693.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2124497148.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157496095.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138256366.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152003824.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2119531424.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132875943.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113608155.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://api.jqueryui.com/category/theming/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152216416.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116343186.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2118038383.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113801665.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147192887.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154473704.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150094671.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134684168.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2167159991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111465597.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134747715.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143852805.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175827518.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/aio-libs/aiohttp/discussions/6044	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897094882.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2169936868.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160528690.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerR	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111465597.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111314261.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2204274538.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206879957.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/stefankoegl/python-json-pointer	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/stefankoegl/python-json-patchng	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc2388#section-4.4	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Blockstream/Jade)	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2093273663.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157496095.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152003824.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152216416.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116343186.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116148125.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2109909892.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152185790.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2110058462.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2151981294.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2177467444.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://refspecs.linuxfoundation.org/elf/gabi4	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896322584.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Segoe%20UI%2CHelvetica%2CArial%2Csans-serif&fwDefault=bol	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2167159991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2166882820.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2140992867.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.python.org/3/library/subprocess#subprocess.Popen.kill	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3896415516.0000000003200000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/Microsoft	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python-attrs/attrs/issues/136	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Arial%2Csans-serif&fwDefault=bold&fsDefault=1.3em&cornerR	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2118038383.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2117876145.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://oxt.me/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/spesmilo/electrum	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899180485.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=segoe%20ui%2CArial%2Csans-serif&fwDefault=bold&fsDefault=	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154473704.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2121932084.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2122170611.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154262493.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://github.com/romis2012/python-socks	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897605402.00000000038B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://zopeinterface.readthedocs.io/en/latest/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/pprint.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2238525775.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2241356534.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242545938.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894963625.0000000002810000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206847907.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/get	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://httpbin.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.electrum.org/r	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2273385825.0000000003A63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2213963496.0000000002C6E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.trustedcoin.com/2/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2182448111.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903955364.00000000059B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://electrum.org/version	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3903873170.0000000005970000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jacek.jedrzejewski.name)	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099219936.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://btc.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2204274538.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206879957.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.space/testnet/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://xmr.link	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3899650797.0000000004150000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CD4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stackoverflow.com/questions/5176691/argparse-how-to-specify-a-default-subcommandFr	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2273425021.0000000003A12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=no	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107513088.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2204274538.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206879957.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/re.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2224960603.0000000003042000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jquery.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099408343.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://live.blockcypher.com/btc/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.emzy.de/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wiki.debian.org/XDGBaseDirectorySpecification#state	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3894327344.00000000006F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://wwwsearch.sf.net/):	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895685466.0000000002E60000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://btc.bitaps.com/r	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Helvetica%2CArial%2Csans-serif&fwDefault=normal&fsDefault	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175438895.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132718277.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2132875943.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134684168.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134747715.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175827518.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wallet.trezor.io	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2180335412.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/trezor/trezor-mcu/pull/306	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2180420002.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178634254.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178553184.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bugs.python.org/issue37179	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897094882.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockchain.com/btc/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockchair.com/bitcoin/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stackoverflow.com/questi	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176298438.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.space/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa04	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176962564.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176899671.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/jaraco/jaraco.functools/issues/5	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895737140.0000000002EA0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205412182.0000000000761000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://github.com/romanz/amodem/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3902672259.0000000004FF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3901013988.0000000004600000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2216065168.0000000002CD4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://dejavu.sourceforge.net/wiki/index.php/License	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176484279.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stackoverflow.com/questions/18729405/how-to-convert-utf8-string-to-byte-array	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176244493.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2176298438.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pyca/cryptography/issues	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913976663.000000006C074000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://www.keepkey.com	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2094497437.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://example.co	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220401057.0000000002C82000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://google.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237691242.00000000038FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chainflyer.bitflyer.jp/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mahler:8092/site-updates.py	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://blockstream.info/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mempool.space/signet/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/trezor/trezor-common/blob/44dfb07cfaafffada4b2ce0d15ba1d90d17cf35e/protob/types.p	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178138454.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2178111626.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://insight.bitpay.com/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2232555786.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jquery.org/license	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2157775396.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2107657852.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2138633371.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2160791058.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150054137.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2170172607.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2141344769.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2152216416.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2116343186.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2118038383.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2113801665.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147192887.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2154473704.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2150094671.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134684168.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2167159991.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2111465597.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2134747715.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2143852805.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2175827518.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/V	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055166286.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.python.org/download/releases/2.3/mro/.	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895122046.0000000002B10000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2205721333.0000000000776000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897282305.00000000036D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237866786.0000000003905000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3898810999.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2237691242.00000000038FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/asyncio-eventloop.html	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/jquery/jquery-ui	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2099408343.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Georgia%2CVerdana%2CArial%2Csans-serif&fwDefault=bold&fsD	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2164195030.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2164458335.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fw	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172780743.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147029780.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2147192887.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2172549878.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/post	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895327676.0000000002C38000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/trezor/trezor-firmware/issues/1167	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2179830252.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://python.org/	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3895886194.000000000303D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2242957335.000000000303D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://en.w	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2218915293.0000000000752000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2217530376.000000000074F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2206450001.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000003.2220078213.0000000000752000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Ousret/charset_normalizer	SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3897653550.00000000038F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1505139
Start date and time:	2024-09-05 20:37:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.Patched.24562.10289.exe
Detection:	MAL
Classification:	mal60.rans.spyw.winEXE@14/874@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 50 Number of non-executed functions: 494
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: SecuriteInfo.com.Win32.Patched.24562.10289.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140.dll	fr#U0435#U0435#U041a#U041cS#U0410ut#U043e#U279cN#U0435t#U279cP#U043ert#U0430bl#U0435##U28e4.zip.7z	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Patched.29806.7109.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	https://files.jalinga.com/builds/releases/jalinga_studio.4.0.2040.0.exe	Get hash	malicious	Unknown	Browse
	MedMooc.exe	Get hash	malicious	Unknown	Browse
	FileZilla_3.52.2_win64_sponsored-setup.exe	Get hash	malicious	Unknown	Browse
	f_026dfd.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140_1.dll	Browser.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Patched.29806.7109.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3-setup.exe	Get hash	malicious	Unknown	Browse
	electrum-4.5.3.exe	Get hash	malicious	Unknown	Browse
	BEwkwcQFOA.exe	Get hash	malicious	Unknown	Browse
	https://files.jalinga.com/builds/releases/jalinga_studio.4.0.2040.0.exe	Get hash	malicious	Unknown	Browse
	CABPRansom.exe	Get hash	malicious	Unknown	Browse
	MedMooc.exe	Get hash	malicious	Unknown	Browse

Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057850838.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedsengine.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2031031108.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2033807578.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5DBus.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056064792.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2041983489.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2030776654.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056192074.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056221586.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056928352.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038632375.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056513023.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057069645.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057608412.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2060500975.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2038817711.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5WebSockets.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055357295.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtaudio_wasapi.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055936180.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvgicon.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2036376967.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5PrintSupport.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2037412105.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5QmlModels.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2042022381.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057437458.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055688142.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgenericbearer.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055791942.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtuiotouchplugin.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055519714.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtaudio_windows.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2056325812.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2057223834.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000000.00000003.2055166286.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamessleay32.dllH vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917014406.000000006F72C000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3907554840.0000000069866000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3913233438.000000006BC2F000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3908757695.0000000069EBB000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: OriginalFilenameQt5Multimedia.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3906018383.0000000068DBB000.00000002.00000001.01000000.00000034.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905046954.0000000068C86000.00000002.00000001.01000000.00000039.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3906536973.0000000068DE8000.00000002.00000001.01000000.00000031.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905238009.0000000068CE4000.00000002.00000001.01000000.00000038.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3917436220.000000006F836000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3914922372.000000006C2AE000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3905599976.0000000068D3E000.00000002.00000001.01000000.00000036.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs SecuriteInfo.com.Win32.Patched.24562.10289.exe
Source: SecuriteInfo.com.Win32.Patched.24562.10289.exe, 00000003.00000002.3918464652.000000006F911000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.Win32.Patched.24562.10289.exe

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	454128
Entropy (8bit):	6.669498628019609
Encrypted:	false
SSDEEP:	12288:y9vcHNFaPZ2Jj/gMvpbUUtQgTCZuGre6gIo1hUgiW6QR7t5s03Ooc8dHkC2esrVx:ytcHNa2Jj/g4bUUtQgTn6g003Ooc8dHE
MD5:	ECEFF9C92E14B580EA84365F3D60F7DE
SHA1:	00699126456379FA48CB122E21B7F4731A72C57C
SHA-256:	265591A709A5DB413D73C95B538DA321EDEACB40059BDCEB142F997A3D458B49
SHA-512:	FD325D77EB2C30E1CD1B2D871986E057318C1BE911793521C7BF79FB2C5DC359CB7DB90C6D6C5711FEDD734B6B03117B8BAF241DFBD78585CF55A25983EC8727
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: fr#U0435#U0435#U041a#U041cS#U0410ut#U043e#U279cN#U0435t#U279cP#U043ert#U0430bl#U0435##U28e4.zip.7z, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.Patched.29806.7109.exe, Detection: malicious, Browse Filename: electrum-4.5.3-setup.exe, Detection: malicious, Browse Filename: electrum-4.5.3.exe, Detection: malicious, Browse Filename: BEwkwcQFOA.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: MedMooc.exe, Detection: malicious, Browse Filename: FileZilla_3.52.2_win64_sponsored-setup.exe, Detection: malicious, Browse Filename: f_026dfd.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mw`...3...3...3C..3...3.t.3...3...36..3<c.2...3<c.2...3<c.2...3<c.2g..3<c.2...3<c.3...3<c.2...3Rich...3........PE..L.....t^.........."!.....:...................P......................................_Y....@A.........................z...................................A.......;...z..8...........................Xy..@....................v..@....................text....9.......:.................. ..`.data...t(...P.......>..............@....idata...............V..............@..@.didat..4............j..............@....rsrc................l..............@..@.reloc...;.......<...p..............@..B................................................................................................................................................................................................................................................................................

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.998115015420231
TrID:	Win32 Executable (generic) a (10002005/4) 99.53% InstallShield setup (43055/19) 0.43% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.Patched.24562.10289.exe
File size:	47'764'104 bytes
MD5:	d430fb367b17fdd8a5f7fd72c16e0477
SHA1:	bd832259a3dd2e8d0c4e421bdf92c0a7b06f9049
SHA256:	3710df97f996f8f6390fa8b23bbafea03f2e7568bf00297f737324f380f06675
SHA512:	255c2888007b0236c70c74293995e23a78f921a6712abaffefccd4d4a85c5ce1a3d1d7e40e60fc3fcfc194c979e9d4497860f4572b75b16d8d55304bfc18652f
SSDEEP:	786432:MF8WWxUd9d1LRphkc3FphiWGlso5EYWAFPMUcgDB2hREoBdImGIcmdK1RdiG+udQ:MF8WWxU9ddRzFphiZd5EXUcgD4hAIzsY
TLSH:	8CA733C68DB20073F422057BACD5FDF1873E12E8AB76842BDA39045765BBCE1195263B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n05[........../....#.j........................@..........................`.......C.....................................

Entrypoint:	0x4014b0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x5B35306E [Thu Jun 28 19:01:02 2018 UTC]
TLS Callbacks:	0x40d830, 0x40d7e0
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e9d858bf5cc2b22933333fd98518c716

Signature Valid:	true
Signature Issuer:	CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1, O=EnVers Group SIA, C=LV
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	08/05/2024 02:00:00 08/05/2025 01:59:59
Subject Chain	CN=Electrum Technologies GmbH, O=Electrum Technologies GmbH, L=Berlin, S=Berlin, C=DE
Version:	3
Thumbprint MD5:	147702A38DDFCC9690E07814BB328522
Thumbprint SHA-1:	BFF7076B4C517AEE0E3D2CCAA7F894C2399010CF
Thumbprint SHA-256:	2FC8F7385221D01B0010390F40A0653A72CF36EFE729B8FF21FBF8F1C458385F
Serial:	0207B0D2256E682FD464B51556AD55A7

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x31000	0x10dc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x10148	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2d8aa68	0x2820
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1d9e4	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x31304	0x278	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x16844	0x16a00	bfa94cc0c6fba6cfbec218f12bae7497	False	0.49559737569060774	data	6.147093437333147	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x18000	0x7c	0x200	5f248157483c9031b1f144a8f35a67cd	False	0.158203125	data	1.0951453424827384	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x19000	0x5ab8	0x5c00	aacd1e7ef1965ac5f96b9f65821eebe5	False	0.4833984375	data	6.42318523882154	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
/4	0x1f000	0x282c	0x2a00	5ade56e21c5cc0870eed26c14dc73992	False	0.31156994047619047	data	4.885403344130252	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x22000	0xecb4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x31000	0x10dc	0x1200	1a0f376f0f1923d8b6ac09985cd92d62	False	0.3878038194444444	PGP symmetric key encrypted data - Plaintext or unencrypted data	5.130264530707902	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x33000	0x34	0x200	3d6d77b813b142a365114d8d26628b28	False	0.0703125	Matlab v4 mat-file (little endian) \220\327@, numeric, rows 4198704, columns 0	0.2709192282599745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x34000	0x8	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x35000	0x11000	0x10200	3b12c52c6e1917222adab677428556b6	False	0.6228197674418605	data	6.0401874871081915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x35208	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.38853790613718414
RT_ICON	0x35ab0	0x6d06	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9946255822285919
RT_ICON	0x3c7b8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	0.2696622579121398
RT_ICON	0x409e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.34315352697095436
RT_ICON	0x42f88	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.38672607879924953
RT_ICON	0x44030	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 0	0.5866279069767442
RT_ICON	0x446e8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.5328014184397163
RT_GROUP_ICON	0x44b50	0x68	data	0.7596153846153846
RT_MANIFEST	0x44bb8	0x590	XML 1.0 document, ASCII text, with CRLF line terminators	0.44662921348314605

DLL	Import
ADVAPI32.dll	ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken
COMCTL32.DLL	LoadIconMetric
GDI32.dll	CreateFontIndirectW, DeleteObject, SelectObject
KERNEL32.dll	CloseHandle, CreateDirectoryW, CreateProcessW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetConsoleCtrlHandler, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte
msvcrt.dll	__argc, __lconv_init, __mb_cur_max, __p__commode, __p__fmode, __p__wcmdln, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _errno, _filelengthi64, _fileno, _findclose, _get_osfhandle, _initterm, _iob, _lock, _onexit, _setmode, _snwprintf, fwprintf, _unlock, _wcsdup, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wtempnam, abort, atoi, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fsetpos, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setbuf, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs, _wstat, _wfindnext, _wfindfirst, _stat, _wcsdup, _strdup, _getpid, _fileno
USER32.dll	CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongW, SystemParametersInfoW

Target ID:	0
Start time:	14:38:21
Start date:	05/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Imagebase:	0x400000
File size:	47'764'104 bytes
MD5 hash:	D430FB367B17FDD8A5F7FD72C16E0477
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	14:38:38
Start date:	05/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Patched.24562.10289.exe"
Imagebase:	0x400000
File size:	47'764'104 bytes
MD5 hash:	D430FB367B17FDD8A5F7FD72C16E0477
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	14:38:42
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	14:38:43
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	8
Start time:	14:38:45
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c fsutil sparse setflag "C:\Users\user\AppData\Roaming\Electrum\blockchain_headers" 1
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Execution Coverage:	1.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.5%
Total number of Nodes:	1395
Total number of Limit Nodes:	36

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	369
Total number of Limit Nodes:	28

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Patched.24562.10289.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\MSVCP140_1.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Core.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5DBus.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Gui.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Multimedia.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Network.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5PrintSupport.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Qml.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5QmlModels.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Quick.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Svg.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5WebSockets.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\Qt5Widgets.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\d3dcompiler_47.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libEGL.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libGLESv2.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\libeay32.dll

C:\Users\user\AppData\Local\Temp\_MEI42682\PyQt5\Qt5\bin\opengl32sw.dll

Windows Analysis Report
SecuriteInfo.com.Win32.Patched.24562.10289.exe

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre