i just checked virus total, and the factor that seems most likely to be flagging the false positives is the dns outreaches to obscure sites, however when searches they are shown to resolve to digicert sites. its likely flagged due to reaching out to outbound network for certifying software, and some sandbox environments recognize activity as trojan without verifying identity of outbound network.