Windows Analysis Report
apt66ext.log.exe

Overview

General Information

Sample name: apt66ext.log.exe
Analysis ID: 1467955
MD5: 494a19dc7e5eaa0e516ece245d2661de
SHA1: 37e1a6a7b9c2f85d563bfa44aabcabc26fd00fb5
SHA256: 7ff47dce0ad262f4c0818170213a2a5c97b098258f5b2e85b3df5a48eed05183

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: apt66ext.log.exe Virustotal: Detection: 15%
Source: apt66ext.log.exe ReversingLabs: Detection: 18%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.2% probability
Source: apt66ext.log.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF761408370 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF761408370
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).COLOR_SPACE_Lab_D75_2MORPH_CROSSCAP_PROP_DC1394
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.inference.org.uk/mackay/itila/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ipol.im/pub/art/2011/ys-dct/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/
Source: staged_out.exe, 00000001.00000003.1773526734.000002F6F5C11000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.math.sfu.ca/~cbm/aands/
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.math.sfu.ca/~cbm/aands/page_379.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774203692.000002F6F5BFB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.math.sfu.ca/~cbm/aands/page_69.htm
Source: staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oasis-open.org/committees/documents.php
Source: staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oasis-open.org/committees/documents.php?wg_abbrev=office-formula
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.openssl.org/V
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pcg-random.org/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F55FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pcg-random.org/posts/random-invertible-mapping-statistics.html
Source: staged_out.exe, 00000001.00000002.1799660023.000002F6F5E40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: staged_out.exe, 00000001.00000002.1797982505.000002F6DB610000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.scipy.org/not/real/data.txt
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.startssl.com/0P
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.startssl.com/policy0
Source: staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.xyz.edu/data
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmp String found in binary or memory: http://www.zlib.net/D
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://arxiv.org/abs/1704.04503
Source: staged_out.exe, 00000001.00000003.1780360749.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799629414.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dejavu-fonts.github.io/
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/library/string.html#format-specification-mini-language
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781194704.000002F6F56E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.scipy.org/doc/numpy/reference/c-api.generalized-ufuncs.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.html
Source: staged_out.exe, 00000001.00000003.1773526734.000002F6F5C11000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://en.wik
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://engineering.purdue.edu/~malcolm/pct/CTI_Ch03.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gist.github.com/imneme/540829265469e673d045
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/NVIDIA/caffe.
Source: staged_out.exe, 00000001.00000002.1800406406.000002F6FE3B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/asweigart/pygetwindow
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/baidut/BIMEF).
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/joblib/threadpoolctl
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/libsdl-org/SDL.git
Source: staged_out.exe, 00000001.00000002.1799792033.000002F6F5F70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/numpy/numpy/issues/4763
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/16736
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/16739
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/19634
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJ
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/20833
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/20833.
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/21326
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/5412.
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/6293
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv/issues/6293u-
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/OCRHMM_transitions_table.x
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/webcam_demo.cpp
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv_contrib/issues/2235
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/opencv/opencv_contrib/issues/2235cv::text::extract_features(
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
Source: staged_out.exe, 00000001.00000002.1800221388.000002F6F60D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python-pillow/Pillow/
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/torch/nn/blob/master/doc/module.md
Source: staged_out.exe, 00000001.00000003.1778498282.000002F6DAF56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipython.org
Source: staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html
Source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://numpy.org/neps/nep-0032-remove-financial-functions.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://onnx.ai/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://onnx.ai/)
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/Mindless.pdf
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pjreddie.com/darknet/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pjreddie.com/darknet/)
Source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/numpy-financial.
Source: staged_out.exe, 00000001.00000002.1799660023.000002F6F5E40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/numpy-financial/).
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://scipy-cookbook.readthedocs.io/items/Ctypes.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://software.intel.com/openvino-toolkit)
Source: staged_out.exe, 00000001.00000002.1800249748.000002F6FE110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/7648200/pip-install-pil-e-tickets-1-no-jpeg-png-support
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.asp
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cs.hmc.edu/tr/hmc-cs-2014-0905.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/cornersQualityOOOO
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mathworks.com/help/techdoc/ref/rank.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.numpy.org/neps/nep-0001-npy-format.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.openblas.net/
Source: staged_out.exe, 00000001.00000002.1798235904.000002F6DB8D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.pygame.org/contribute.html
Source: staged_out.exe, 00000001.00000002.1798235904.000002F6DB8D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.pygame.org/docs/ref/color_list.html
Source: staged_out.exe, 00000001.00000003.1778498282.000002F6DAF56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.scipy.org
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.tensorflow.org/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.tensorflow.org/)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_74d3f122-c
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Code function: String function: 67895EA0 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Code function: String function: 67895E38 appears 77 times
Source: zlib1.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: libfreetype-6.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: Number of sections : 19 > 10
Source: libpng16-16.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: sdl2_image.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: sdl2_ttf.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: libjpeg-9.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: sdl2_mixer.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: cv2.pyd.0.dr Static PE information: Number of sections : 11 > 10
Source: sdl2.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: apt66ext.log.exe Binary or memory string: OriginalFilename vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqjpeg.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqsvg.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqtga.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqtiff.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqwbmp.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqwebp.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedsengine.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqtmedia_audioengine.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewmfengine.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqminimal.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqoffscreen.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqwebgl.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqwindows.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewindowsprintersupport.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Widgets.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSDL2.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSDL_image.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSDL_mixer.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSDL_ttf.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamessleay32.dllH vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenametcl86.dllP vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenametk86.dllP vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Qml.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5QmlModels.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Quick.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Svg.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5WebSockets.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqsvgicon.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqgif.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqicns.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqico.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamezlib1.dll* vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000000.1679952051.00007FF76142F000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamestaged_out.exe6 vs apt66ext.log.exe
Source: qt5core.dll.0.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engine Classification label: mal52.winEXE@3/124@0/0
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7613FAC90 GetModuleFileNameW,GetLastError,FormatMessageA,SetConsoleCtrlHandler,GetLastError,FormatMessageA,CreateDirectoryW,CreateFileW,GetShortPathNameW,GetShortPathNameW,SetFilePointer,SetFilePointer,ReadFile,SetFilePointer,ReadFile,CreateDirectoryW,CreateFileW,WriteFile,FindCloseChangeNotification,MapAndLoad,UnMapAndLoad,CloseHandle,GetCurrentProcessId,SetEnvironmentVariableA,GetCommandLineW,CreateProcessW,CloseHandle,WaitForSingleObject,GetExitCodeProcess,CloseHandle, 0_2_00007FF7613FAC90
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294
Source: apt66ext.log.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\apt66ext.log.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\apt66ext.log.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: apt66ext.log.exe Virustotal: Detection: 15%
Source: apt66ext.log.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\apt66ext.log.exe File read: C:\Users\user\Desktop\apt66ext.log.exe
Source: unknown Process created: C:\Users\user\Desktop\apt66ext.log.exe "C:\Users\user\Desktop\apt66ext.log.exe"
Source: C:\Users\user\Desktop\apt66ext.log.exe Process created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe "C:\Users\user\Desktop\apt66ext.log.exe"
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: python37.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: sdl2.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: sdl2_image.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: libpng16-16.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: libjpeg-9.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: zlib1.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: sdl2_ttf.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: libfreetype-6.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: sdl2_mixer.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: libopenblas.wcdjnk7yvmpzq2me2zzhjjrj3jikndb7.gfortran-win_amd64.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: tcl86t.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: tk86t.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: logoncli.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: mfreadwrite.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: mfcore.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: ksuser.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: apt66ext.log.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: apt66ext.log.exe Static file information: File size 55675088 > 1048576
Source: apt66ext.log.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: apt66ext.log.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: apt66ext.log.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: apt66ext.log.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: apt66ext.log.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: apt66ext.log.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: apt66ext.log.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb++ source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qoffscreen.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\dsengine.pdbdd" source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\dsengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\18\s\PCbuild\amd64\unicodedata.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebsockets\lib\Qt5WebSockets.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5QmlModels.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: placed in the .pdbrc file): source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1773526734.000002F6F5C73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781108164.000002F6F5D11000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774529668.000002F6F5D02000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5Quick.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5QmlModels.pdb11 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.amd64.pdbGCTL source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bob\openssl-1.0.2s\out32dll\ssleay32.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qminimal.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\wmfengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qoffscreen.pdbKK source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebsockets\lib\Qt5WebSockets.pdb00 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\18\s\PCbuild\amd64\select.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bob\openssl-1.0.2s\out32dll\ssleay32.pdbFF source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb11 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.7\cmake-build\lib\python3\Release\cv2.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E559E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qminimal.pdbPP source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5Qml.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: staged_out.exe, 00000001.00000002.1799414113.000002F6F5C52000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5C24000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774238528.000002F6F5C2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\wmfengine.pdbLL' source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: apt66ext.log.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: apt66ext.log.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: apt66ext.log.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: apt66ext.log.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: apt66ext.log.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: apt66ext.log.exe Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libfreetype-6.dll.0.dr Static PE information: section name: .xdata
Source: libjpeg-9.dll.0.dr Static PE information: section name: .xdata
Source: staged_out.exe.0.dr Static PE information: section name: _RDATA
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: .xdata
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /4
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /19
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /31
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /45
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /57
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /70
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /81
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr Static PE information: section name: /92
Source: libpng16-16.dll.0.dr Static PE information: section name: .xdata
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr Static PE information: section name: .didat
Source: qt5core.dll.0.dr Static PE information: section name: .qtmimed
Source: sdl2.dll.0.dr Static PE information: section name: .xdata
Source: sdl2_image.dll.0.dr Static PE information: section name: .xdata
Source: sdl2_mixer.dll.0.dr Static PE information: section name: .xdata
Source: sdl2_ttf.dll.0.dr Static PE information: section name: .xdata
Source: vcruntime140.dll.0.dr Static PE information: section name: _RDATA
Source: zlib1.dll.0.dr Static PE information: section name: .xdata
Source: qsvgicon.dll.0.dr Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr Static PE information: section name: .qtmetad
Source: qico.dll.0.dr Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr Static PE information: section name: .qtmetad
Source: dsengine.dll.0.dr Static PE information: section name: .qtmetad
Source: qtmedia_audioengine.dll.0.dr Static PE information: section name: .qtmetad
Source: wmfengine.dll.0.dr Static PE information: section name: .qtmetad
Source: qminimal.dll.0.dr Static PE information: section name: .qtmetad
Source: qoffscreen.dll.0.dr Static PE information: section name: .qtmetad
Source: qwebgl.dll.0.dr Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.dr Static PE information: section name: .qtmetad
Source: windowsprintersupport.dll.0.dr Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr Static PE information: section name: .qtmetad
Source: math.pyd.0.dr Static PE information: section name: _RDATA
Source: cv2.pyd.0.dr Static PE information: section name: IPPCODE
Source: cv2.pyd.0.dr Static PE information: section name: IPPDATA
Source: cv2.pyd.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Code function: 1_2_62E9642E push rbx; ret 1_2_62E9642F
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qsvg.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\concrt140.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5core.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rect.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rwobject.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtga.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwindows.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surflock.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtWidgets.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\joystick.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5websockets.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_ttf.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libfreetype-6.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5network.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\image.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libeay32.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\time.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mouse.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\dsengine.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\scrap.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surface.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\fft\_pocketfft_internal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\bufferproxy.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_mt19937.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libjpeg-9.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\transform.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\display.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\font.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\iconengines\qsvgicon.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qico.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\lapack_lite.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtiff.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qicns.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_sfc64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_tkinter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5dbus.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\_freetype.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\base.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qml.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_webp.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qjpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwebp.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_elementtree.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\wmfengine.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libpng16-16.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5multimedia.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_generator.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\sip.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_tests.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\mtrand.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelarray.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\color.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\ssleay32.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtGui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\bit_generator.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer_music.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_common.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\constants.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_pcg64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_philox.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_image.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelcopy.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\zlib1.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5quick.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5printsupport.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_socket.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\event.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwbmp.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qoffscreen.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\cv2\cv2.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qminimal.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\key.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qgif.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\imageext.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mask.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python37.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qmlmodels.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_mixer.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\_umath_linalg.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\draw.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\tcl86t.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\math.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\tk86t.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtCore.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_queue.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_umath.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwebgl.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_cffi_backend.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5widgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5gui.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5svg.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_bounded_integers.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python3.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qsvg.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\concrt140.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5core.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rect.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rwobject.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtga.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwindows.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surflock.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtWidgets.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\joystick.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5websockets.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5network.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\image.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libeay32.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\time.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mouse.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\dsengine.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\scrap.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surface.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\fft\_pocketfft_internal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\bufferproxy.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_mt19937.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\transform.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\display.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\font.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\iconengines\qsvgicon.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qico.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\lapack_lite.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtiff.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qicns.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_sfc64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_tkinter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5dbus.dll Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\_freetype.pyd Jump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\base.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_webp.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qml.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qjpeg.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwebp.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_elementtree.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\select.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\wmfengine.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5multimedia.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_generator.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\sip.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_tests.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\mtrand.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_asyncio.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelarray.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\color.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_hashlib.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\ssleay32.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtGui.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\bit_generator.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer_music.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140_1.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_common.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\constants.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_pcg64.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_philox.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelcopy.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5quick.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5printsupport.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\event.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_socket.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwbmp.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_bz2.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qoffscreen.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\cv2\cv2.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qminimal.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\key.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qgif.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\imageext.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pyexpat.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mask.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_multiprocessing.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\unicodedata.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\_umath_linalg.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qmlmodels.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\draw.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\math.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140_1.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtCore.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_queue.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_umath.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwebgl.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_cffi_backend.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ssl.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5widgets.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5gui.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5svg.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_bounded_integers.pyd
Source: C:\Users\user\Desktop\apt66ext.log.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python3.dll
Source: C:\Users\user\Desktop\apt66ext.log.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF761408370 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF761408370
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7613FBD58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7613FBD58
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF76140A11C GetProcessHeap, 0_2_00007FF76140A11C
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7613FB600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7613FB600
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7614048F0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7614048F0
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7613FBF3C SetUnhandledExceptionFilter, 0_2_00007FF7613FBF3C
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Code function: 1_2_62E925B6 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 1_2_62E925B6
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7613F51C0 cpuid 0_2_00007FF7613F51C0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformation
Source: C:\Users\user\Desktop\apt66ext.log.exe Code function: 0_2_00007FF7613FA440 GetSystemTimeAsFileTime, 0_2_00007FF7613FA440
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos