Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
apt66ext.log.exe

Overview

General Information

Sample name:apt66ext.log.exe
Analysis ID:1467955
MD5:494a19dc7e5eaa0e516ece245d2661de
SHA1:37e1a6a7b9c2f85d563bfa44aabcabc26fd00fb5
SHA256:7ff47dce0ad262f4c0818170213a2a5c97b098258f5b2e85b3df5a48eed05183
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • apt66ext.log.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\apt66ext.log.exe" MD5: 494A19DC7E5EAA0E516ECE245D2661DE)
    • staged_out.exe (PID: 7408 cmdline: "C:\Users\user\Desktop\apt66ext.log.exe" MD5: D735279B3606F59AAD13FAB2AA9E9CD5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: apt66ext.log.exeVirustotal: Detection: 15%Perma Link
Source: apt66ext.log.exeReversingLabs: Detection: 18%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.2% probability
Source: apt66ext.log.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb++ source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qoffscreen.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\dsengine.pdbdd" source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\dsengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\18\s\PCbuild\amd64\unicodedata.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebsockets\lib\Qt5WebSockets.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5QmlModels.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: placed in the .pdbrc file): source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1773526734.000002F6F5C73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781108164.000002F6F5D11000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774529668.000002F6F5D02000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5Quick.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5QmlModels.pdb11 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.amd64.pdbGCTL source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bob\openssl-1.0.2s\out32dll\ssleay32.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qminimal.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\wmfengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qoffscreen.pdbKK source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebsockets\lib\Qt5WebSockets.pdb00 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\18\s\PCbuild\amd64\select.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bob\openssl-1.0.2s\out32dll\ssleay32.pdbFF source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb11 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.7\cmake-build\lib\python3\Release\cv2.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E559E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qminimal.pdbPP source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5Qml.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: staged_out.exe, 00000001.00000002.1799414113.000002F6F5C52000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5C24000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774238528.000002F6F5C2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\wmfengine.pdbLL' source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF761408370 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF761408370
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E7C6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E7C6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.startssl.com/certs/ca.crt0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.startssl.com/certs/sca.code3.crt06
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://arxiv.org/abs/1805.10941.
Source: staged_out.exe, 00000001.00000002.1800435195.000002F6FE400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue23606)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://caffe.berkeleyvision.org
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://caffe.berkeleyvision.org/)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://campar.in.tum.de/Chair/HandEyeCalibration).
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.5736&rep=rep1&type=pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.6394
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.startssl.com/sca-code3.crl0#
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
Source: staged_out.exe, 00000001.00000003.1773526734.000002F6F5C73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781108164.000002F6F5D11000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774529668.000002F6F5D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dx.doi.org/10.1016/j.cviu.2010.01.011
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://graphics.berkeley.edu/papers/Tao-SAN-2012-05/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E7C6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kobesearch.cpan.org/htdocs/Math-Cephes/Math/Cephes.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lear.inrialpes.fr/src/deepmatching/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/BinomialDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/CauchyDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F563E000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/GammaDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/HypergeometricDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/LaplaceDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/LogisticDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/NegativeBinomialDistribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/NoncentralF-Distribution.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/PoissonDistribution.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/SincFunction.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.startssl.com00
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.startssl.com07
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F55FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pracrand.sourceforge.net/RNG_engines.txt
Source: staged_out.exe, 00000001.00000002.1800406406.000002F6FE3B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://speleotrove.com/decimal/decarith.html
Source: staged_out.exe, 00000001.00000003.1780360749.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799629414.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tip.tcl.tk/48)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://torch.ch
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://torch.ch/)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: staged_out.exe, 00000001.00000002.1800249748.000002F6FE110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ubuntuforums.org/showthread.php?t=1751455
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://underdestruction.com/2004/02/25/stackblur-2004.
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ams.org/journals/mcom/1988-51-184/
Source: staged_out.exe, 00000001.00000002.1798386908.000002F6DD460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.tut.fi/~foi/GCF-BM3D/BM3D_TIP_2007.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dai.ed.ac.uk/CVonline/LOCAL_COPIES/MANDUCHI1/Bilateral_Filtering.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gdal.org)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gdal.org/formats_list.html)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gdal.org/ogr_formats.html).
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
Source: staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/index.html
Source: staged_out.exe, 00000001.00000002.1798386908.000002F6DD460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ifp.illinois.edu/~vuongle2/helen/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).COLOR_SPACE_Lab_D75_2MORPH_CROSSCAP_PROP_DC1394
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inference.org.uk/mackay/itila/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ipol.im/pub/art/2011/ys-dct/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/
Source: staged_out.exe, 00000001.00000003.1773526734.000002F6F5C11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sfu.ca/~cbm/aands/
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sfu.ca/~cbm/aands/page_379.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774203692.000002F6F5BFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sfu.ca/~cbm/aands/page_69.htm
Source: staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oasis-open.org/committees/documents.php
Source: staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oasis-open.org/committees/documents.php?wg_abbrev=office-formula
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/V
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcg-random.org/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F55FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcg-random.org/posts/random-invertible-mapping-statistics.html
Source: staged_out.exe, 00000001.00000002.1799660023.000002F6F5E40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: staged_out.exe, 00000001.00000002.1797982505.000002F6DB610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scipy.org/not/real/data.txt
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.startssl.com/0P
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.startssl.com/policy0
Source: staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xyz.edu/data
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.zlib.net/D
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arxiv.org/abs/1704.04503
Source: staged_out.exe, 00000001.00000003.1780360749.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799629414.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dejavu-fonts.github.io/
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/library/string.html#format-specification-mini-language
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781194704.000002F6F56E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.scipy.org/doc/numpy/reference/c-api.generalized-ufuncs.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.html
Source: staged_out.exe, 00000001.00000003.1773526734.000002F6F5C11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://en.wik
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://engineering.purdue.edu/~malcolm/pct/CTI_Ch03.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/imneme/540829265469e673d045
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/NVIDIA/caffe.
Source: staged_out.exe, 00000001.00000002.1800406406.000002F6FE3B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/asweigart/pygetwindow
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/baidut/BIMEF).
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/joblib/threadpoolctl
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/libsdl-org/SDL.git
Source: staged_out.exe, 00000001.00000002.1799792033.000002F6F5F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/numpy/numpy/issues/4763
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16736
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/19634
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJ
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/20833
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/20833.
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/21326
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/5412.
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/6293
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/6293u-
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/OCRHMM_transitions_table.x
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/webcam_demo.cpp
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv_contrib/issues/2235
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv_contrib/issues/2235cv::text::extract_features(
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
Source: staged_out.exe, 00000001.00000002.1800221388.000002F6F60D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/torch/nn/blob/master/doc/module.md
Source: staged_out.exe, 00000001.00000003.1778498282.000002F6DAF56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipython.org
Source: staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html
Source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/neps/nep-0032-remove-financial-functions.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onnx.ai/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onnx.ai/)
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/Mindless.pdf
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pjreddie.com/darknet/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pjreddie.com/darknet/)
Source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/numpy-financial.
Source: staged_out.exe, 00000001.00000002.1799660023.000002F6F5E40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/numpy-financial/).
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scipy-cookbook.readthedocs.io/items/Ctypes.html
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://software.intel.com/openvino-toolkit)
Source: staged_out.exe, 00000001.00000002.1800249748.000002F6FE110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/7648200/pip-install-pil-e-tickets-1-no-jpeg-png-support
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.asp
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cs.hmc.edu/tr/hmc-cs-2014-0905.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp, apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htm
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/cornersQualityOOOO
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F55FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mathworks.com/help/techdoc/ref/rank.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.numpy.org/neps/nep-0001-npy-format.html
Source: staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openblas.net/
Source: staged_out.exe, 00000001.00000002.1798235904.000002F6DB8D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.pygame.org/contribute.html
Source: staged_out.exe, 00000001.00000002.1798235904.000002F6DB8D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.pygame.org/docs/ref/color_list.html
Source: staged_out.exe, 00000001.00000003.1778498282.000002F6DAF56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.scipy.org
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tensorflow.org/
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tensorflow.org/)
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_74d3f122-c
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FAC900_2_00007FF7613FAC90
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF76140F6680_2_00007FF76140F668
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF761403E700_2_00007FF761403E70
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F7E700_2_00007FF7613F7E70
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F7A300_2_00007FF7613F7A30
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF761400E280_2_00007FF761400E28
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F22500_2_00007FF7613F2250
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F42500_2_00007FF7613F4250
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F3F000_2_00007FF7613F3F00
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614002C00_2_00007FF7614002C0
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614006C80_2_00007FF7614006C8
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F2D700_2_00007FF7613F2D70
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F8D800_2_00007FF7613F8D80
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614071900_2_00007FF761407190
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F15A00_2_00007FF7613F15A0
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614011C00_2_00007FF7614011C0
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F20800_2_00007FF7613F2080
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF761401C880_2_00007FF761401C88
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F94300_2_00007FF7613F9430
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614018500_2_00007FF761401850
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF761406CFC0_2_00007FF761406CFC
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614004C40_2_00007FF7614004C4
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F2B600_2_00007FF7613F2B60
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF76140BB700_2_00007FF76140BB70
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614083700_2_00007FF761408370
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F63F00_2_00007FF7613F63F0
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF76140C00C0_2_00007FF76140C00C
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614078100_2_00007FF761407810
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E8A2BB1_2_62E8A2BB
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E8B3B01_2_62E8B3B0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E81C901_2_62E81C90
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E83C401_2_62E83C40
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E829601_2_62E82960
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E821101_2_62E82110
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E835101_2_62E83510
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67883FA01_2_67883FA0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_678837D01_2_678837D0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67884BD01_2_67884BD0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67883BE01_2_67883BE0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_678823001_2_67882300
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_678833201_2_67883320
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67882E801_2_67882E80
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67882A901_2_67882A90
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67892EA01_2_67892EA0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67886EB01_2_67886EB0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_6788DAE01_2_6788DAE0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_67891AE01_2_67891AE0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_678942001_2_67894200
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_6788C6601_2_6788C660
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: String function: 67895EA0 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: String function: 67895E38 appears 77 times
Source: zlib1.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: libfreetype-6.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: Number of sections : 19 > 10
Source: libpng16-16.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: sdl2_image.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: sdl2_ttf.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: libjpeg-9.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: sdl2_mixer.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: cv2.pyd.0.drStatic PE information: Number of sections : 11 > 10
Source: sdl2.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: apt66ext.log.exeBinary or memory string: OriginalFilename vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqjpeg.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvg.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtga.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtiff.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwbmp.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwebp.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedsengine.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtmedia_audioengine.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewmfengine.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqminimal.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqoffscreen.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwebgl.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwindows.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewindowsprintersupport.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Widgets.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSDL2.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSDL_image.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSDL_mixer.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSDL_ttf.dllR vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamessleay32.dllH vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametcl86.dllP vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametk86.dllP vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Qml.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5QmlModels.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Quick.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5Svg.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQt5WebSockets.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvgicon.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqgif.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqicns.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqico.dll( vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamezlib1.dll* vs apt66ext.log.exe
Source: apt66ext.log.exe, 00000000.00000000.1679952051.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamestaged_out.exe6 vs apt66ext.log.exe
Source: qt5core.dll.0.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal52.winEXE@3/124@0/0
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FAC90 GetModuleFileNameW,GetLastError,FormatMessageA,SetConsoleCtrlHandler,GetLastError,FormatMessageA,CreateDirectoryW,CreateFileW,GetShortPathNameW,GetShortPathNameW,SetFilePointer,SetFilePointer,ReadFile,SetFilePointer,ReadFile,CreateDirectoryW,CreateFileW,WriteFile,FindCloseChangeNotification,MapAndLoad,UnMapAndLoad,CloseHandle,GetCurrentProcessId,SetEnvironmentVariableA,GetCommandLineW,CreateProcessW,CloseHandle,WaitForSingleObject,GetExitCodeProcess,CloseHandle,0_2_00007FF7613FAC90
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294Jump to behavior
Source: apt66ext.log.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\apt66ext.log.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: apt66ext.log.exeVirustotal: Detection: 15%
Source: apt66ext.log.exeReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\apt66ext.log.exeFile read: C:\Users\user\Desktop\apt66ext.log.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\apt66ext.log.exe "C:\Users\user\Desktop\apt66ext.log.exe"
Source: C:\Users\user\Desktop\apt66ext.log.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe "C:\Users\user\Desktop\apt66ext.log.exe"
Source: C:\Users\user\Desktop\apt66ext.log.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe "C:\Users\user\Desktop\apt66ext.log.exe"Jump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: python37.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: sdl2.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: sdl2_image.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: libpng16-16.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: libjpeg-9.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: zlib1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: sdl2_ttf.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: libfreetype-6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: sdl2_mixer.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: libopenblas.wcdjnk7yvmpzq2me2zzhjjrj3jikndb7.gfortran-win_amd64.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: tcl86t.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: tk86t.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: mf.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: mfreadwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: mfcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: ksuser.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: apt66ext.log.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: apt66ext.log.exeStatic file information: File size 55675088 > 1048576
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: apt66ext.log.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: apt66ext.log.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb++ source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qoffscreen.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\dsengine.pdbdd" source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\dsengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\18\s\PCbuild\amd64\unicodedata.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebsockets\lib\Qt5WebSockets.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\qtmedia_audioengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5QmlModels.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: placed in the .pdbrc file): source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1773526734.000002F6F5C73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781108164.000002F6F5D11000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774529668.000002F6F5D02000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5Quick.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5QmlModels.pdb11 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.amd64.pdbGCTL source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bob\openssl-1.0.2s\out32dll\ssleay32.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qminimal.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\wmfengine.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qoffscreen.pdbKK source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E866A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebsockets\lib\Qt5WebSockets.pdb00 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\18\s\PCbuild\amd64\select.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bob\openssl-1.0.2s\out32dll\ssleay32.pdbFF source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtwebglplugin\plugins\platforms\qwebgl.pdb11 source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.7\cmake-build\lib\python3\Release\cv2.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E559E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qminimal.pdbPP source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtdeclarative\lib\Qt5Qml.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E685A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: staged_out.exe, 00000001.00000002.1799414113.000002F6F5C52000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5C24000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774238528.000002F6F5C2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtmultimedia\plugins\mediaservice\wmfengine.pdbLL' source: apt66ext.log.exe, 00000000.00000003.1754631444.00000237E8936000.00000004.00000020.00020000.00000000.sdmp
Source: apt66ext.log.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: apt66ext.log.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: apt66ext.log.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: apt66ext.log.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: apt66ext.log.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: apt66ext.log.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libfreetype-6.dll.0.drStatic PE information: section name: .xdata
Source: libjpeg-9.dll.0.drStatic PE information: section name: .xdata
Source: staged_out.exe.0.drStatic PE information: section name: _RDATA
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: .xdata
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /4
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /19
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /31
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /45
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /57
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /70
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /81
Source: libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.drStatic PE information: section name: /92
Source: libpng16-16.dll.0.drStatic PE information: section name: .xdata
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: msvcp140.dll.0.drStatic PE information: section name: .didat
Source: qt5core.dll.0.drStatic PE information: section name: .qtmimed
Source: sdl2.dll.0.drStatic PE information: section name: .xdata
Source: sdl2_image.dll.0.drStatic PE information: section name: .xdata
Source: sdl2_mixer.dll.0.drStatic PE information: section name: .xdata
Source: sdl2_ttf.dll.0.drStatic PE information: section name: .xdata
Source: vcruntime140.dll.0.drStatic PE information: section name: _RDATA
Source: zlib1.dll.0.drStatic PE information: section name: .xdata
Source: qsvgicon.dll.0.drStatic PE information: section name: .qtmetad
Source: qgif.dll.0.drStatic PE information: section name: .qtmetad
Source: qicns.dll.0.drStatic PE information: section name: .qtmetad
Source: qico.dll.0.drStatic PE information: section name: .qtmetad
Source: qjpeg.dll.0.drStatic PE information: section name: .qtmetad
Source: qsvg.dll.0.drStatic PE information: section name: .qtmetad
Source: qtga.dll.0.drStatic PE information: section name: .qtmetad
Source: qtiff.dll.0.drStatic PE information: section name: .qtmetad
Source: qwbmp.dll.0.drStatic PE information: section name: .qtmetad
Source: qwebp.dll.0.drStatic PE information: section name: .qtmetad
Source: dsengine.dll.0.drStatic PE information: section name: .qtmetad
Source: qtmedia_audioengine.dll.0.drStatic PE information: section name: .qtmetad
Source: wmfengine.dll.0.drStatic PE information: section name: .qtmetad
Source: qminimal.dll.0.drStatic PE information: section name: .qtmetad
Source: qoffscreen.dll.0.drStatic PE information: section name: .qtmetad
Source: qwebgl.dll.0.drStatic PE information: section name: .qtmetad
Source: qwindows.dll.0.drStatic PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.drStatic PE information: section name: .qtmetad
Source: windowsprintersupport.dll.0.drStatic PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.drStatic PE information: section name: .qtmetad
Source: math.pyd.0.drStatic PE information: section name: _RDATA
Source: cv2.pyd.0.drStatic PE information: section name: IPPCODE
Source: cv2.pyd.0.drStatic PE information: section name: IPPDATA
Source: cv2.pyd.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E9642E push rbx; ret 1_2_62E9642F
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\printsupport\windowsprintersupport.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\concrt140.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5core.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rect.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rwobject.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surflock.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\joystick.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5websockets.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_ttf.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libfreetype-6.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5network.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\image.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libeay32.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\time.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mouse.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\dsengine.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\scrap.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surface.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\fft\_pocketfft_internal.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\bufferproxy.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_mt19937.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libjpeg-9.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\transform.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\display.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\font.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\lapack_lite.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_sfc64.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5dbus.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\_freetype.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\base.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qml.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_webp.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\select.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\wmfengine.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libpng16-16.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5multimedia.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_generator.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\sip.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_tests.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\mtrand.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelarray.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\color.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\ssleay32.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\bit_generator.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer_music.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_common.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\constants.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_pcg64.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_philox.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_image.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelcopy.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\zlib1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5quick.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5printsupport.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\event.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\cv2\cv2.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\key.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\imageext.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mask.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python37.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qmlmodels.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_mixer.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\_umath_linalg.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\draw.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\tcl86t.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\math.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\tk86t.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_umath.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_cffi_backend.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5widgets.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5gui.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5svg.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_bounded_integers.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\printsupport\windowsprintersupport.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\concrt140.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5core.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rect.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rwobject.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surflock.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\joystick.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5websockets.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5network.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\image.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libeay32.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\time.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mouse.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\dsengine.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\scrap.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surface.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\fft\_pocketfft_internal.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\bufferproxy.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_mt19937.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\transform.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\display.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\font.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\lapack_lite.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_sfc64.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5dbus.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\_freetype.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\base.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_webp.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qml.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\select.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\wmfengine.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5multimedia.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_generator.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\sip.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_tests.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\mtrand.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelarray.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\color.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\ssleay32.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\bit_generator.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer_music.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_common.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\constants.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_pcg64.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_philox.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelcopy.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5quick.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5printsupport.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\event.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\cv2\cv2.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\key.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\imageext.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mask.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\_umath_linalg.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qmlmodels.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\draw.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\math.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_umath.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_cffi_backend.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5widgets.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5gui.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5svg.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_bounded_integers.pydJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\apt66ext.log.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF761408370 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF761408370
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FBD58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7613FBD58
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF76140A11C GetProcessHeap,0_2_00007FF76140A11C
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FBD58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7613FBD58
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FB600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7613FB600
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7614048F0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7614048F0
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FBF3C SetUnhandledExceptionFilter,0_2_00007FF7613FBF3C
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeCode function: 1_2_62E925B6 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,1_2_62E925B6
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613F51C0 cpuid 0_2_00007FF7613F51C0
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\apt66ext.log.exeCode function: 0_2_00007FF7613FA440 GetSystemTimeAsFileTime,0_2_00007FF7613FA440
Source: C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Software Packing		11
Input Capture		1
System Time Discovery		Remote Services11
Input Capture		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Process Injection		LSASS Memory2
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager2
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDS24
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
Obfuscated Files or Information		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
apt66ext.log.exe15%VirustotalBrowse
apt66ext.log.exe18%ReversingLabsWin64.Trojan.Generic

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_webp.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtCore.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtGui.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtWidgets.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\iconengines\qsvgicon.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qgif.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qicns.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qico.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qjpeg.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qsvg.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtga.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtiff.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwbmp.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwebp.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\dsengine.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\wmfengine.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qminimal.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qoffscreen.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwebgl.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwindows.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\sip.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_asyncio.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_cffi_backend.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ctypes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_elementtree.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_multiprocessing.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_overlapped.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_tkinter.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\concrt140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\cv2\cv2.pyd0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
https://github.com/joblib/threadpoolctl0%Avira URL Cloudsafe
http://caffe.berkeleyvision.org/)0%Avira URL Cloudsafe
https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.html0%Avira URL Cloudsafe
http://www.scipy.org/not/real/data.txt0%Avira URL Cloudsafe
https://onnx.ai/)0%Avira URL Cloudsafe
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/0%Avira URL Cloudsafe
https://docs.python.org/library/string.html#format-specification-mini-language0%Avira URL Cloudsafe
http://torch.ch/)0%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJ0%Avira URL Cloudsafe
https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp0%Avira URL Cloudsafe
http://mathworld.wolfram.com/NoncentralF-Distribution.html0%Avira URL Cloudsafe
http://www.dai.ed.ac.uk/CVonline/LOCAL_COPIES/MANDUCHI1/Bilateral_Filtering.html0%Avira URL Cloudsafe
https://numpy.org/neps/nep-0032-remove-financial-functions.html0%Avira URL Cloudsafe
https://gist.github.com/imneme/540829265469e673d0450%Avira URL Cloudsafe
http://docs.python.org/library/unittest.html0%Avira URL Cloudsafe
https://docs.scipy.org/doc/numpy/reference/c-api.generalized-ufuncs.html0%Avira URL Cloudsafe
http://www.math.sfu.ca/~cbm/aands/page_69.htm0%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/62930%Avira URL Cloudsafe
http://www.python.org/download/releases/2.3/mro/.0%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/167390%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/167360%Avira URL Cloudsafe
https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf0%Avira URL Cloudsafe
http://crl.startssl.com/sfsca.crl0f0%Avira URL Cloudsafe
https://www.scipy.org0%Avira URL Cloudsafe
https://github.com/torch/nn/blob/master/doc/module.md0%Avira URL Cloudsafe
http://mathworld.wolfram.com/LaplaceDistribution.html0%Avira URL Cloudsafe
http://crl.startssl.com/sca-code3.crl0#0%Avira URL Cloudsafe
http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).0%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/208330%Avira URL Cloudsafe
https://github.com/baidut/BIMEF).0%Avira URL Cloudsafe
https://ipython.org0%Avira URL Cloudsafe
http://speleotrove.com/decimal/decarith.html0%Avira URL Cloudsafe
http://www.python.org/dev/peps/pep-0205/0%Avira URL Cloudsafe
http://torch.ch0%Avira URL Cloudsafe
http://www.gdal.org/ogr_formats.html).0%Avira URL Cloudsafe
https://en.wik0%Avira URL Cloudsafe
http://arxiv.org/abs/1805.10941.0%Avira URL Cloudsafe
https://numpy.org/devdocs/user/troubleshooting-importerror.html0%Avira URL Cloudsafe
https://stackoverflow.com/questions/7648200/pip-install-pil-e-tickets-1-no-jpeg-png-support0%Avira URL Cloudsafe
https://www.tensorflow.org/)0%Avira URL Cloudsafe
https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htm0%Avira URL Cloudsafe
https://github.com/python-pillow/Pillow/0%Avira URL Cloudsafe
http://mathworld.wolfram.com/NegativeBinomialDistribution.html0%Avira URL Cloudsafe
https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/OCRHMM_transitions_table.x0%Avira URL Cloudsafe
http://www.math.sfu.ca/~cbm/aands/0%Avira URL Cloudsafe
https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf0%Avira URL Cloudsafe
http://www.ams.org/journals/mcom/1988-51-184/0%Avira URL Cloudsafe
https://www.pygame.org/docs/ref/color_list.html0%Avira URL Cloudsafe
https://www.pygame.org/contribute.html0%Avira URL Cloudsafe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html0%Avira URL Cloudsafe
http://www.oasis-open.org/committees/documents.php0%Avira URL Cloudsafe
http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html0%Avira URL Cloudsafe
http://www.startssl.com/policy00%Avira URL Cloudsafe
https://people.eecs.berkeley.edu/~wkahan/Mindless.pdf0%Avira URL Cloudsafe
https://github.com/opencv/opencv_contrib/issues/22350%Avira URL Cloudsafe
http://campar.in.tum.de/Chair/HandEyeCalibration).0%Avira URL Cloudsafe
https://github.com/numpy/numpy/issues/47630%Avira URL Cloudsafe
https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.asp0%Avira URL Cloudsafe
http://mathworld.wolfram.com/CauchyDistribution.html0%Avira URL Cloudsafe
http://mathworld.wolfram.com/HypergeometricDistribution.html0%Avira URL Cloudsafe
http://mathworld.wolfram.com/PoissonDistribution.html0%Avira URL Cloudsafe
http://mathworld.wolfram.com/SincFunction.html0%Avira URL Cloudsafe
http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).COLOR_SPACE_Lab_D75_2MORPH_CROSSCAP_PROP_DC13940%Avira URL Cloudsafe
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.5736&rep=rep1&type=pdf0%Avira URL Cloudsafe
http://graphics.berkeley.edu/papers/Tao-SAN-2012-05/0%Avira URL Cloudsafe
http://www.zlib.net/D0%Avira URL Cloudsafe
http://www.startssl.com/0P0%Avira URL Cloudsafe
http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htm0%Avira URL Cloudsafe
http://www.ifp.illinois.edu/~vuongle2/helen/0%Avira URL Cloudsafe
https://github.com/NVIDIA/caffe.0%Avira URL Cloudsafe
https://onnx.ai/0%Avira URL Cloudsafe
https://software.intel.com/openvino-toolkit)0%Avira URL Cloudsafe
http://underdestruction.com/2004/02/25/stackblur-2004.0%Avira URL Cloudsafe
https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module0%Avira URL Cloudsafe
http://caffe.berkeleyvision.org0%Avira URL Cloudsafe
https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/webcam_demo.cpp0%Avira URL Cloudsafe
https://pypi.org/project/numpy-financial.0%Avira URL Cloudsafe
http://bugs.python.org/issue23606)0%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/196340%Avira URL Cloudsafe
https://www.numpy.org/neps/nep-0001-npy-format.html0%Avira URL Cloudsafe
https://engineering.purdue.edu/~malcolm/pct/CTI_Ch03.pdf0%Avira URL Cloudsafe
http://html4/loose.dtd0%Avira URL Cloudsafe
http://www.inference.org.uk/mackay/itila/0%Avira URL Cloudsafe
http://mathworld.wolfram.com/BinomialDistribution.html0%Avira URL Cloudsafe
https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:0%Avira URL Cloudsafe
https://pypi.org/project/numpy-financial/).0%Avira URL Cloudsafe
https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/cornersQualityOOOO0%Avira URL Cloudsafe
https://github.com/libsdl-org/SDL.git0%Avira URL Cloudsafe
https://github.com/asweigart/pygetwindow0%Avira URL Cloudsafe
http://kobesearch.cpan.org/htdocs/Math-Cephes/Math/Cephes.html0%Avira URL Cloudsafe
http://www.openssl.org/V0%Avira URL Cloudsafe
https://scipy-cookbook.readthedocs.io/items/Ctypes.html0%Avira URL Cloudsafe
http://dx.doi.org/10.1016/j.cviu.2010.01.0110%Avira URL Cloudsafe
http://www.oasis-open.org/committees/documents.php?wg_abbrev=office-formula0%Avira URL Cloudsafe
https://www.mathworks.com/help/techdoc/ref/rank.html0%Avira URL Cloudsafe
http://.css0%Avira URL Cloudsafe
http://www.xyz.edu/data0%Avira URL Cloudsafe
http://www.cs.tut.fi/~foi/GCF-BM3D/BM3D_TIP_2007.pdf0%Avira URL Cloudsafe
https://www.tensorflow.org/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://github.com/joblib/threadpoolctlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://onnx.ai/)apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://caffe.berkeleyvision.org/)apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.scipy.org/not/real/data.txtstaged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/library/string.html#format-specification-mini-languagestaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://torch.ch/)apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.aspapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/NoncentralF-Distribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.dai.ed.ac.uk/CVonline/LOCAL_COPIES/MANDUCHI1/Bilateral_Filtering.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://gist.github.com/imneme/540829265469e673d045apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://numpy.org/neps/nep-0032-remove-financial-functions.htmlstaged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://docs.python.org/library/unittest.htmlstaged_out.exe, 00000001.00000003.1773526734.000002F6F5C73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781108164.000002F6F5D11000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774529668.000002F6F5D02000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.scipy.org/doc/numpy/reference/c-api.generalized-ufuncs.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1781194704.000002F6F56E7000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.math.sfu.ca/~cbm/aands/page_69.htmapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774203692.000002F6F5BFB000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/6293apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.python.org/download/releases/2.3/mro/.staged_out.exe, 00000001.00000002.1797982505.000002F6DB610000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/16739apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/16736apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdfstaged_out.exe, 00000001.00000003.1780639431.000002F6F55FA000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.startssl.com/sfsca.crl0fapt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.scipy.orgstaged_out.exe, 00000001.00000003.1778498282.000002F6DAF56000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/torch/nn/blob/master/doc/module.mdapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/LaplaceDistribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.startssl.com/sca-code3.crl0#apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/20833apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/baidut/BIMEF).apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://ipython.orgstaged_out.exe, 00000001.00000003.1778498282.000002F6DAF56000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://speleotrove.com/decimal/decarith.htmlstaged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.python.org/dev/peps/pep-0205/staged_out.exe, 00000001.00000002.1799660023.000002F6F5E40000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://torch.chapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.gdal.org/ogr_formats.html).apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://en.wikstaged_out.exe, 00000001.00000003.1773526734.000002F6F5C11000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://arxiv.org/abs/1805.10941.apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://numpy.org/devdocs/user/troubleshooting-importerror.htmlstaged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://stackoverflow.com/questions/7648200/pip-install-pil-e-tickets-1-no-jpeg-png-supportstaged_out.exe, 00000001.00000002.1800249748.000002F6FE110000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.tensorflow.org/)apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htmapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python-pillow/Pillow/staged_out.exe, 00000001.00000002.1800221388.000002F6F60D0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/NegativeBinomialDistribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/OCRHMM_transitions_table.xapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.math.sfu.ca/~cbm/aands/staged_out.exe, 00000001.00000003.1773526734.000002F6F5C11000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdfapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.ams.org/journals/mcom/1988-51-184/staged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.pygame.org/docs/ref/color_list.htmlstaged_out.exe, 00000001.00000002.1798235904.000002F6DB8D0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.pygame.org/contribute.htmlstaged_out.exe, 00000001.00000002.1798235904.000002F6DB8D0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlstaged_out.exe, 00000001.00000002.1798386908.000002F6DD460000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.oasis-open.org/committees/documents.phpstaged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.startssl.com/policy0apt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://people.eecs.berkeley.edu/~wkahan/Mindless.pdfstaged_out.exe, 00000001.00000003.1780639431.000002F6F55C2000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv_contrib/issues/2235apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://campar.in.tum.de/Chair/HandEyeCalibration).apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/numpy/numpy/issues/4763staged_out.exe, 00000001.00000002.1799792033.000002F6F5F70000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.aspapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/CauchyDistribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/HypergeometricDistribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/PoissonDistribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/SincFunction.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).COLOR_SPACE_Lab_D75_2MORPH_CROSSCAP_PROP_DC1394apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.5736&rep=rep1&type=pdfapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://graphics.berkeley.edu/papers/Tao-SAN-2012-05/apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.zlib.net/Dapt66ext.log.exe, 00000000.00000003.1754631444.00000237E79FA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.startssl.com/0Papt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htmapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://schemas.xmlsoap.org/wsdl/staged_out.exe, 00000001.00000002.1800406406.000002F6FE3B0000.00000004.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.ifp.illinois.edu/~vuongle2/helen/apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/NVIDIA/caffe.apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://onnx.ai/apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://software.intel.com/openvino-toolkit)apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://underdestruction.com/2004/02/25/stackblur-2004.apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://caffe.berkeleyvision.orgapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-modulestaged_out.exe, 00000001.00000003.1780360749.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799629414.000002F6F5E05000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/webcam_demo.cppapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://pypi.org/project/numpy-financial.staged_out.exe, 00000001.00000003.1778458741.000002F6F5AC7000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1772975022.000002F6F5A73000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://bugs.python.org/issue23606)staged_out.exe, 00000001.00000002.1800435195.000002F6FE400000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/19634apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.numpy.org/neps/nep-0001-npy-format.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1798723673.000002F6F56EB000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780956819.000002F6F56EA000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://engineering.purdue.edu/~malcolm/pct/CTI_Ch03.pdfapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://html4/loose.dtdapt66ext.log.exe, 00000000.00000003.1754631444.00000237E7C6A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.inference.org.uk/mackay/itila/apt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mathworld.wolfram.com/BinomialDistribution.htmlapt66ext.log.exe, 00000000.00000003.1754631444.00000237E6482000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000002.1799234574.000002F6F5BA5000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://pypi.org/project/numpy-financial/).staged_out.exe, 00000001.00000002.1799660023.000002F6F5E40000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/cornersQualityOOOOapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/libsdl-org/SDL.gitapt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/asweigart/pygetwindowstaged_out.exe, 00000001.00000002.1800406406.000002F6FE3B0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://kobesearch.cpan.org/htdocs/Math-Cephes/Math/Cephes.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.openssl.org/Vapt66ext.log.exe, 00000000.00000003.1754631444.00000237E725A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://scipy-cookbook.readthedocs.io/items/Ctypes.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://dx.doi.org/10.1016/j.cviu.2010.01.011apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.oasis-open.org/committees/documents.php?wg_abbrev=office-formulastaged_out.exe, 00000001.00000003.1774938696.000002F6DB825000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.mathworks.com/help/techdoc/ref/rank.htmlstaged_out.exe, 00000001.00000003.1780639431.000002F6F5642000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1778843039.000002F6F5642000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://.cssapt66ext.log.exe, 00000000.00000003.1754631444.00000237E7C6A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.xyz.edu/datastaged_out.exe, 00000001.00000002.1798575140.000002F6F560D000.00000004.00000020.00020000.00000000.sdmp, staged_out.exe, 00000001.00000003.1780639431.000002F6F560D000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.cs.tut.fi/~foi/GCF-BM3D/BM3D_TIP_2007.pdfapt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.tensorflow.org/apt66ext.log.exe, 00000000.00000003.1754631444.00000237E4536000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1467955
Start date and time:2024-07-05 06:44:11 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 50s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:apt66ext.log.exe
Detection:MAL
Classification:mal52.winEXE@3/124@0/0
EGA Information:Failed
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pydSecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousUnknownBrowse
    SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousBazaLoaderBrowse
      C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pydSecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousUnknownBrowse
        SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousBazaLoaderBrowse
          C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pydSecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousUnknownBrowse
            SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousBazaLoaderBrowse
              C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pydSecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousUnknownBrowse
                SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exeGet hashmaliciousBazaLoaderBrowse

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imaging.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):2428928
                  Entropy (8bit):6.459337580131227
                  Encrypted:false
                  SSDEEP:49152:koa4DDDK7v1T+bKpf6/ulLrLrLrLKg+JYWjHBF7:1K7v1TWX2q
                  MD5:AACDB8C5BC88D687244E39CFC7A0B855
                  SHA1:F47344BAEE73A89300A278C6797B29A49D5B924C
                  SHA-256:6D21AC76315885570BDCBF7B54CDD212E430F4CA2708F6F641EB5F6FEEAFC6E2
                  SHA-512:FE5ED4F93776D1608BFEA4C96D155C043E1B1A920B210672B3511FF070F48538B3C6EBA6D1F1F5A3C296B748346DACAD22649C676C958BF7E867B7D96C99E85F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  Reputation:low
                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......<..1x.}bx.}bx.}bq..bh.}b..|cz.}b...b|.}b..xcu.}b..ycp.}b..~c|.}b.|cz.}b3.|c..}bx.|bp.}bx.}bc.}b..yc..}b..uc2.}b..}cy.}b...by.}b...cy.}bRichx.}b........................PE..d.....ec.........." ...!.............9........................................%...........`..........................................Z#.`...0[#......P%......P$..............`%.D.....!...............................!.@...............(............................text...x........................... ..`.rdata..............................@..@.data.........#......b#.............@....pdata.......P$.......#.............@..@.rsrc........P%.......$.............@..@.reloc..D....`%.......$.............@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingcms.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):257536
                  Entropy (8bit):6.280201200423917
                  Encrypted:false
                  SSDEEP:6144:kFuq195UQ/b/8yRI7O4T9HFLg9uP1+74/LgHmPr9qvZqhLanLTLzLfqeqwL1Je0s:kFuqL5UfT9HFLg9uP1+74/LgHmPr9qvK
                  MD5:74277F3293C7B0D3E882EA2DE1D1CF1E
                  SHA1:4C8E0611A315A9BB4B7829989EC0115B65E679E9
                  SHA-256:00BCFE359DB03A33DF453FF0DE146BFF038419AC65D5CB5055FFF5ED19A56259
                  SHA-512:6DCC56EF0C3C4ED6286FCE212112764C9D0B38980783A2F348A3FCE0CC7CD0B7E75D388508484CD585493C645D3CC150B22D5FB9E41A4BD4CFDEA0E8441AE909
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D....b...b...b....R..b.......b......b......b......b...<...b..K....b...b..lb......b.......b....>..b......b..Rich.b..........................PE..d.....ec.........." ...!..... ...............................................0............`.........................................0...d.................................... .......E...............................D..@...............`............................text...(........................... ..`.rdata.............................@..@.data....F.......@...v..............@....pdata...........0..................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingft.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1652736
                  Entropy (8bit):6.766846496259483
                  Encrypted:false
                  SSDEEP:24576:RGxm3UN0DyIeCzhYTUrU55IUYcEe7/t8fV7MZgyzcO0PEXbZ5Ap4Xfo45:ox4SfC2TUO5HCI/et+gytfo4
                  MD5:C399B12E90D2560998FBE4BAAA1C2520
                  SHA1:075B5788F9B24385041B46BFBFCDB8B813063D8B
                  SHA-256:EDB2750798F931782A39F68177594BE7B61D5DE8D2D72CC2DA56EE481235A91B
                  SHA-512:2D395BE849E2CE8AC25EEE756CA6CAA9C1D1AD7C4D5157AD0D31D9442C765A3D7ACDCAE36BB37AD72724967D078908B316D491E6F8FF6B960B8F7D982903928C
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........pn...........i.....&j......i.....&j.....&j.....&j.....&j......O........(...(j.....(j.....(j.....(j.....(j.....(j.....Rich............PE..d.....ec.........." ...!.....@............................................................`..........................................1..d....2.......`.......................p..h...p...............................0...@............... ............................text............................... ..`.rdata...0.......2..................@..@.data....+...P...$...2..............@....pdata...............V..............@..@.rsrc........`.......(..............@..@.reloc..h....p.......*..............@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_imagingtk.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):15872
                  Entropy (8bit):5.016426536954842
                  Encrypted:false
                  SSDEEP:192:dLWyIXW4r4fhDBg3hB2tCIpg7or9edH58IPpElVysUA4ckgT1G:dL7IXr45DBg3hB2V9eswpsVyZA2gTQ
                  MD5:B61513E865CE6A68D13BE4CD2460B5AD
                  SHA1:CBA64C5713D6D9D6267B4BFBF9BB2882CFAF174E
                  SHA-256:32E29A8FF928D60D4E469796485A4F086E56CD7D6FA82793CBE5F4B2BF76742C
                  SHA-512:94BD51836FE14DE22BCA9BCBC214C39B690DE1C077925FC4A93660912D2390EF57CB989A82C6BC2C9F82381D77905686960358CA3DFBE532DC6FE3E7022630AB
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  • Filename: SecuriteInfo.com.Win64.DropperX-gen.9519.23032.exe, Detection: malicious, Browse
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........i..:..:..:...:..:F..;..:F..;..:F..;..:F..;..:l.;..:..;..:..:.:H..;..:H..;..:H.l:..:H..;..:Rich..:........................PE..d.....ec.........." ...!.....$............................................................`..........................................9..d...T:.......p.......`..................<...p3..............................02..@............0..x............................text............................... ..`.rdata..z....0....... ..............@..@.data...8....P.......2..............@....pdata.......`.......6..............@..@.rsrc........p.......:..............@..@.reloc..<............<..............@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PIL\_webp.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):531456
                  Entropy (8bit):6.580984741686164
                  Encrypted:false
                  SSDEEP:12288:wyN9n89fa3Z6utaazqLrLrLrLaCCKVtNaIKJQIJzK:wV9ypLqLrLrLrLaCCKEIyQIJzK
                  MD5:AA29985595759F7C02529650F6C35F1B
                  SHA1:A859D0549379050C7CEC8B285A3BA802E8E71566
                  SHA-256:47F85EE8BC271D79AC383C285EF026C7040B94AF8E67A5832138EEF8FC595CBD
                  SHA-512:55AD17D7280B626A8B026470DB8A86C2DE05B137D9A923A37E6FE87169F682347E715D2EFFDE820ED58A6352CDFC396B64DA9B704085763FDAD30F6C7B7FABFD
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0Qw.Q?$.Q?$.Q?$.).$.Q?$C*>%.Q?$.)>%.Q?$C*:%.Q?$C*;%.Q?$C*<%.Q?$i.>%.Q?$.Q>$.Q?$M*;%.Q?$M*7%.Q?$M*?%.Q?$M*.$.Q?$M*=%.Q?$Rich.Q?$........PE..d.....ec.........." ...!.................................................................`.........................................P...X............p....... ...M...................R...............................Q..@............................................text............................... ..`.rdata..~...........................@..@.data....7..........................@....pdata...M... ...N..................@..@.rsrc........p......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtCore.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):2467840
                  Entropy (8bit):6.240133820704683
                  Encrypted:false
                  SSDEEP:49152:aWYt+wPbTcSKSCcHFpXEqzhDarD9HDXTk5am3QSQK4ZAzYI+1ZdAEDGmtV/U3bwN:jSKSCcHFpXEqzhDarD9HDXTk5am3QSQO
                  MD5:1DA7B606380B624274E7E3C5F25209BC
                  SHA1:695949EAB1548E05FB10DA421626EF95B03D5B89
                  SHA-256:203BB6236F23F57AD8CDAB5BBF4537A4ABBC0B0879CF2893A8DC930E679DD846
                  SHA-512:43E4CDE7B3CF2F57991C169B1B9AD90334187A41B7784F37660D146252B1C6BD2E98CF86210F938967653773F29619CF0CE038A99184E3D44F734223D05C0B93
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:moderate, very likely benign file
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........^..0..0..0.....0...1...0...1...0...5..0...4..0...3..0.M.1...0.E.1...0..1.!.0...5..0...0..0...2..0.Rich.0.........................PE..d...3..c.........." .....B..........HF........................................&...........`.............................................L...L.................#..............`%.....`.......................b..(....`..8............`...o...........................text....A.......B.................. ..`.rdata...o...`...p...F..............@..@.data...(...........................@....pdata........#......<#.............@..@.reloc......`%.......%.............@..B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtGui.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):2482688
                  Entropy (8bit):6.233473435581707
                  Encrypted:false
                  SSDEEP:49152:eq1Bdy8kK+zqwXSkaGV0COyxNkFAEfYoyWbP:dLdiznbTjO
                  MD5:3A9A1CD6F3A0EFE67B5994B82D7C4E21
                  SHA1:E4009EB322A235C7B739777B4385906A238E7B37
                  SHA-256:2CA28D29EC4F2F50B4CCC70C7D6399B314151BC38852833D2D30097773BB1C00
                  SHA-512:13BCA36D9BFBE7AD6B43818E5AFC4FF940ADCCC8273DB00052B1466339258C4A0D47B2E126278F43CB24A0E608A08CF39A92379375CE011E156DE1546A286C15
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wE.S.+OS.+OS.+OZn.OW.+O.c*NQ.+O.~*NQ.+O.c.NG.+O.c/N[.+O.c(NP.+O.m*NQ.+O.f*NV.+OS.*O..+O.c.NX.+O.c+NR.+O.c)NR.+ORichS.+O........................PE..d...R..c.........." .........J...............................................@&...........`.............................................L...L.................#...............%.....`...................................8................z...........................text............................... ..`.rdata..V...........................@..@.data...(z...p...^...N..............@....pdata........#.......#.............@..@.reloc........%.......%.............@..B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\QtWidgets.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):5092864
                  Entropy (8bit):6.251608446485404
                  Encrypted:false
                  SSDEEP:49152:I6qnQByIoLSo7MMVjv7pekxL3UNmN61ZA+gca6xSdJzqNQ9SbBanj1Mxf5uJa:WxI/kMaz7YsgNDG90+VimCOa
                  MD5:9E4B668C64D9E7A6C59BEBE4B0D6D7C0
                  SHA1:75C70834E631014296F893F5584B18EA20AC1EC3
                  SHA-256:E4A06FE65B02C568DB984771FB9A46EA95A8E4353EA85C942F954CBA02DEC635
                  SHA-512:8D18D5F640EFE4631E4E43A1EF4BB458613C598C88574DC3C3BCFA8C0B8C7CBBF4950CF6F6BB31B49914DC45523A2376AC9178939164D93BDDD670BAD5386D66
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0...^..^..^.....^..._..^..._..^...[..^...Z..^...]..^..._..^..._..^.._..^.X.[..^.X.^..^.X.\..^.Rich..^.................PE..d...m..c.........." ......,...!.......,.......................................N...........`..........................................t;.T...Du;..............0H..t............L..O...7..............................7.8.............,.`............................text...(.,.......,................. ..`.rdata..F.....,.......,.............@..@.data....9....@.......@.............@....pdata...t...0H..t....G.............@..@.reloc...O....L..P...fL.............@..B................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\iconengines\qsvgicon.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):41968
                  Entropy (8bit):6.0993566622860635
                  Encrypted:false
                  SSDEEP:768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
                  MD5:313F89994F3FEA8F67A48EE13359F4BA
                  SHA1:8C7D4509A0CAA1164CC9415F44735B885A2F3270
                  SHA-256:42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
                  SHA-512:06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.:*..i*..i*..i#.Ei...i...h(..i>..h(..i...h8..i...h-..i...h(..i...h-..i*..i...i...h(..i...h+..i..)i+..i...h+..iRich*..i........................PE..d......_.........." .....@...F.......F..............................................C.....`..........................................g..x...hh..........H...........................xX..T....................Z..(....X..0............P...............................text....>.......@.................. ..`.rdata...3...P...4...D..............@..@.data................x..............@....pdata...............z..............@..@.qtmetadj...........................@..P.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qgif.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):39408
                  Entropy (8bit):6.0316011626259405
                  Encrypted:false
                  SSDEEP:768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
                  MD5:52FD90E34FE8DED8E197B532BD622EF7
                  SHA1:834E280E00BAE48A9E509A7DC909BEA3169BDCE2
                  SHA-256:36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
                  SHA-512:EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3..3..3..KA.3..o\..3..X..3..o\..3..o\..3..o\..3.."C..3..3...3.."C..3.."C..3.."C-.3.."C..3..Rich.3..........PE..d...H._.........." .....@...B.......E...............................................^....`..........................................f..t....f..........@............~..............HW..T....................X..(....W..0............P...............................text...k?.......@.................. ..`.rdata..&)...P...*...D..............@..@.data...(............n..............@....pdata...............p..............@..@.qtmetads............v..............@..P.rsrc...@............x..............@..@.reloc...............|..............@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qicns.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):45040
                  Entropy (8bit):6.016125225197622
                  Encrypted:false
                  SSDEEP:768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
                  MD5:AD84AF4D585643FF94BFA6DE672B3284
                  SHA1:5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
                  SHA-256:F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
                  SHA-512:B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................a....Q........Q......Q......Q......................................Rich...........PE..d......_.........." .....B...N.......G...............................................&....`.............................................t...$...........@...........................xp..T....................r..(....p..0............`...............................text....@.......B.................. ..`.rdata...9...`...:...F..............@..@.data...............................@....pdata..............................@..@.qtmetadx...........................@..P.rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qico.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):38384
                  Entropy (8bit):5.957072398645384
                  Encrypted:false
                  SSDEEP:768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
                  MD5:A9ABD4329CA364D4F430EDDCB471BE59
                  SHA1:C00A629419509929507A05AEBB706562C837E337
                  SHA-256:1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
                  SHA-512:004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u.G...G...G...N...C......E...S...E......R......O......D.......B...G...........D.......F.......F.......F...RichG...................PE..d...H._.........." .....4...H.......9....................................................`..........................................h..t...th..........@............z..............(X..T....................Y..(....X..0............P..8............................text....2.......4.................. ..`.rdata..B/...P...0...8..............@..@.data...h............h..............@....pdata...............l..............@..@.qtmetad.............r..............@..P.rsrc...@............t..............@..@.reloc...............x..............@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qjpeg.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):421360
                  Entropy (8bit):5.7491063936821405
                  Encrypted:false
                  SSDEEP:6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
                  MD5:16ABCCEB70BA20E73858E8F1912C05CD
                  SHA1:4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
                  SHA-256:FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
                  SHA-512:3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Iv"...L...L...L..o....L..xM...L..|M...L.......L..xI...L..xH...L..xO...L..gM...L...M...L..gH.?.L..gI...L..gL...L..g....L..gN...L.Rich..L.........PE..d...o._.........." .....b...........i...............................................g....`.............................................t...............@....`.......R..............h...T.......................(.......0...............@............................text....`.......b.................. ..`.rdata..J............f..............@..@.data...8....P.......(..............@....pdata.......`... ...*..............@..@.qtmetad.............J..............@..P.rsrc...@............L..............@..@.reloc...............P..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qsvg.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):32240
                  Entropy (8bit):5.978149408776758
                  Encrypted:false
                  SSDEEP:768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
                  MD5:C0DE135782FA0235A0EA8E97898EAF2A
                  SHA1:FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
                  SHA-256:B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
                  SHA-512:7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x>...P...P...P..a...P.&vQ...P..rQ...P.&vU...P.&vT...P.&vS...P.kiQ...P...Q.n.P.kiU...P.kiP...P.ki....P.kiR...P.Rich..P.........PE..d......_.........." .....$...B......D)....................................................`.........................................PU..t....U..........@............b...............G..T....................I..(...PH..0............@..(............................text....".......$.................. ..`.rdata...+...@...,...(..............@..@.data...8....p.......T..............@....pdata...............V..............@..@.qtmetad.............Z..............@..P.rsrc...@............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtga.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):31728
                  Entropy (8bit):5.865766652452823
                  Encrypted:false
                  SSDEEP:768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
                  MD5:A913276FA25D2E6FD999940454C23093
                  SHA1:785B7BC7110218EC0E659C0E5ACE9520AA451615
                  SHA-256:5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
                  SHA-512:CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F ._'N._'N._'N.V_.Y'N..HO.]'N.KLO.]'N..HK.M'N..HJ.W'N..HM.\'N..WO.Z'N._'O.4'N..WK.\'N..WN.^'N..W..^'N..WL.^'N.Rich_'N.........................PE..d......_.........." ....."...@.......'..............................................7.....`..........................................W..t...dX..........@.......`....`..............(I..T....................J..(....I..0............@..h............................text...[!.......".................. ..`.rdata...)...@...*...&..............@..@.data........p.......P..............@....pdata..`............T..............@..@.qtmetadu............X..............@..P.rsrc...@............Z..............@..@.reloc...............^..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qtiff.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):390128
                  Entropy (8bit):5.724665470266677
                  Encrypted:false
                  SSDEEP:6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
                  MD5:9C0ACF12D3D25384868DCD81C787F382
                  SHA1:C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
                  SHA-256:825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
                  SHA-512:45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................E....q............q......q......q......<.............<......<......<......<.)....<......Rich....................PE..d......_.........." .....(..........D-.......................................0............`.............................................t...4...........@........%........... ..(....d..T................... f..(....d..0............@..0............................text....&.......(.................. ..`.rdata...v...@...x...,..............@..@.data...(...........................@....pdata...%.......&..................@..@.qtmetad............................@..P.rsrc...@...........................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwbmp.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):30192
                  Entropy (8bit):5.938644231596902
                  Encrypted:false
                  SSDEEP:768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
                  MD5:68919381E3C64E956D05863339F5C68C
                  SHA1:CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
                  SHA-256:0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
                  SHA-512:6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]...<.I.<.I.<.I.D%I.<.I.S.H.<.I.W.H.<.I.S.H.<.I.S.H.<.I.S.H.<.IYL.H.<.I.<.I.<.IYL.H.<.IYL.H.<.IYLII.<.IYL.H.<.IRich.<.I........PE..d......_.........." ..... ...8.......'....................................................`......................................... D..t....D..........@....p..T....Z...............6..T...................p8..(...@7..0............0..p............................text............ .................. ..`.rdata..d&...0...(...$..............@..@.data........`.......L..............@....pdata..T....p.......N..............@..@.qtmetad~............R..............@..P.rsrc...@............T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\imageformats\qwebp.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):510448
                  Entropy (8bit):6.605517748735854
                  Encrypted:false
                  SSDEEP:12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
                  MD5:308E4565C3C5646F9ABD77885B07358E
                  SHA1:71CB8047A9EF0CDB3EE27428726CACD063BB95B7
                  SHA-256:6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
                  SHA-512:FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................a....s........s......s......s....>.........>......>.....>....>......>....Rich...................PE..d......_.........." .....B..........tH.......................................0......`q....`..........................................W..t....W..........@.......0H........... ......h...T.......................(.......0............`...............................text...[@.......B.................. ..`.rdata..J....`.......F..............@..@.data....'...........X..............@....pdata..0H.......J...\..............@..@.qtmetadv...........................@..P.rsrc...@...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\dsengine.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):301040
                  Entropy (8bit):6.15513142093455
                  Encrypted:false
                  SSDEEP:6144:+t6LjqQ5qwlL5536MDPlk1B9/f9EQlK13EsOyo+FRrzu:+sLWQwwT53dJA+FRrzu
                  MD5:9EC42E2D5C802162CFF74A037917AE94
                  SHA1:73E7A721AE946A1AE7443E047589620C71FF99AB
                  SHA-256:3539AA922FCC946C8AF2BDBABF10B0260B9CC14AD62EA331D29766B170D1D3D4
                  SHA-512:407BB599B654FCD8BF4FD0E724CC4FED6318A655838B7B8A027938CADDEF9604D4CCEE665DDE799C0C74B21D910462D38EF7E8E82237B420221B32DBC02B7128
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......0^B.t?,.t?,.t?,.}G..~?,.P).g?,.P(.|?,.P/.w?,.P-.p?,..O-.~?,.`T(.r?,.`T).u?,.`T-.c?,.t?-..=,..O).6?,..O,.u?,..O..u?,..O..u?,.Richt?,.........................PE..d...l.._.........." ................l................................................1....`.............................................x...(...........H....`..D1...|..................T..................../..(...p...0............................................text............................... ..`.rdata...o.......p..................@..@.data... 2... ...*..................@....pdata..D1...`...2...:..............@..@.qtmetad.............l..............@..P.rsrc...H............n..............@..@.reloc...............r..............@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):68080
                  Entropy (8bit):5.915530709928927
                  Encrypted:false
                  SSDEEP:1536:CX+k4JfQEzxmtbtXd8UxpzFV03X8GhCMIZm4XUfo:CyJBxm3XKUHzGhCMIZf/
                  MD5:71A4564FA2B8755E43FB6D5D6AFE9763
                  SHA1:4A58F92BD8153860B0D89B7AC068CF7E5AA1040A
                  SHA-256:1E8DC7E376664B17A5356E53CFB5BB7CFF148E05A5B96923EF59E2C29ADA28FD
                  SHA-512:4D15E0D04D184A7B59E0DF97BB96EFE14AA76E57148727166351A1C010B141CE22ACC92F17F8C45791E0CD8374FB45ED3F95311524A7F11E2F336D934452425F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........GA.&/..&/..&/..^...&/.QI...&/..M...&/.QI*..&/.QI+..&/.QI,..&/..V...&/..&...'/..V*..&/..V/..&/..V..&/..V-..&/.Rich.&/.........................PE..d......_.........." .....b..........th.......................................@............`.......................................................... ..X....................0..$.......T.......................(...p...0............................................text....a.......b.................. ..`.rdata..Fh.......j...f..............@..@.data...x...........................@....pdata..............................@..@.qtmetad............................@..P.rsrc...X.... ......................@..@.reloc..$....0......................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\mediaservice\wmfengine.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):208368
                  Entropy (8bit):6.0609445635731305
                  Encrypted:false
                  SSDEEP:3072:W4vMUHhXLy+Duac3hiMGY3XQtjNjFiUipnrNg9KoHosdi:2eySuaQxejN4UipnrNg9XHoei
                  MD5:BB6F3C46B003B34FD189C58B2C39962B
                  SHA1:3CFFF78FBA6497BC1FD2C2AD4BE494E97254E898
                  SHA-256:7E76A6B05EA7919A17C90591AA406E4F4835BB6478B5E43FC683C18F251EA96F
                  SHA-512:DCE7BB4DD739251168F697C58B9F96DD883ADABC1D9A89B601C0D58C12D587F61F1D0A4215F66D3E6E6108778E4082F230043FB2D417CD4908754E58A0E1140A
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......h.fQ,...,...,...%...*......(......$....../......9...8...-.......&...8...-...8...-...8...+...8...;...,...................-.......-.......-...Rich,...........PE..d...X.._.........." .........d...............................................`............`.........................................0p..x....p.......@..H........ ...........P..x...X...T.......................(.......0............................................text...;........................... ..`.rdata..............................@..@.data....%....... ..................@....pdata... ......."..................@..@.qtmetad.....0......................@..P.rsrc...H....@......................@..@.reloc..x....P......................@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qminimal.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):844784
                  Entropy (8bit):6.625808732261156
                  Encrypted:false
                  SSDEEP:12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
                  MD5:2F6D88F8EC3047DEAF174002228219AB
                  SHA1:EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
                  SHA-256:05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
                  SHA-512:0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#\..B2..B2..B2..:...B2..-3..B2.F....B2..-7..B2..-6..B2..-1..B2..)6..B2.^23..B2..)3..B2..B3.@2.^26..B2.^27..B2.^22..B2.^2...B2.^20..B2.Rich.B2.........PE..d...N._.........." ......................................................... ............`......................................... ...x.......@.......H....`..H.......................T.......................(.......0...............(............................text...;........................... ..`.rdata...C.......D..................@..@.data...H....@......."..............@....pdata..H....`.......0..............@..@.qtmetad............................@..P.rsrc...H...........................@..@.reloc..............................@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qoffscreen.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):754672
                  Entropy (8bit):6.6323155845799695
                  Encrypted:false
                  SSDEEP:12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
                  MD5:6407499918557594916C6AB1FFEF1E99
                  SHA1:5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
                  SHA-256:54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
                  SHA-512:8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m..T..KT..KT..K]t7K@..K.c.JV..K@g.JV..K.cKU..K.c.JA..K.c.J\..K.c.JP..K.|.JQ..KT..K...K.|.Js..K.|.JS..K.|.JU..K.|[KU..K.|.JU..KRichT..K........PE..d...R._.........." ................L.....................................................`.............................................x...8...........H....... s...h..........p.......T................... ...(.......0...............@............................text............................... ..`.rdata..............................@..@.data...............................@....pdata.. s.......t..................@..@.qtmetad.............T..............@..P.rsrc...H............V..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwebgl.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):482288
                  Entropy (8bit):6.152380961313931
                  Encrypted:false
                  SSDEEP:6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
                  MD5:1EDCB08C16D30516483A4CBB7D81E062
                  SHA1:4760915F1B90194760100304B8469A3B2E97E2BC
                  SHA-256:9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
                  SHA-512:0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........gM..#...#...#..~....#.ei&...#.ei'...#.ei ...#..m'...#.ei"...#.(v"...#..m"...#..."...#.(v&...#.(v#...#.(v...#.(v!...#.Rich..#.................PE..d......_.........." .....R...........;....................................................`..........................................m..t...Dn..T.......@....@...=...@..............0...T.......................(.......0............p..(............................text...{Q.......R.................. ..`.rdata..:....p.......V..............@..@.data...H....0......................@....pdata...=...@...>..................@..@.qtmetadz............2..............@..P.rsrc...@............4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platforms\qwindows.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1477104
                  Entropy (8bit):6.575113537540671
                  Encrypted:false
                  SSDEEP:24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
                  MD5:4931FCD0E86C4D4F83128DC74E01EAAD
                  SHA1:AC1D0242D36896D4DDA53B95812F11692E87D8DF
                  SHA-256:3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
                  SHA-512:0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i...-...-...-...$.%.9.....q.,......8......%......)......+...9......9..,......)..........9..8...-..........d......,.....I.,......,...Rich-...........PE..d....._.........." .....,...h......4+..............................................n.....`.............................................x...(...........H............n..........X....r..T...................Pt..(... s..0............@...5...........................text..._+.......,.................. ..`.rdata.......@.......0..............@..@.data....m...@...D...(..............@....pdata...............l..............@..@.qtmetad.............J..............@..P.rsrc...H............L..............@..@.reloc..X............P..............@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):68592
                  Entropy (8bit):6.125954940500008
                  Encrypted:false
                  SSDEEP:1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
                  MD5:F66F6E9EDA956F72E3BB113407035E61
                  SHA1:97328524DA8E82F5F92878F1C0421B38ECEC1E6C
                  SHA-256:E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
                  SHA-512:7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f...k......m...{..m......~......h......m......h...o..........k......n.....~.n......n...Richo...........................PE..d...V._.........." .....z...t......T........................................@.......b....`......................................... ................ ..X....................0..4.......T.......................(...p...0...............x............................text....y.......z.................. ..`.rdata...Z.......\...~..............@..@.data...............................@....pdata..............................@..@.qtmetad............................@..P.rsrc...X.... ......................@..@.reloc..4....0......................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):55280
                  Entropy (8bit):6.083938612859037
                  Encrypted:false
                  SSDEEP:768:PY5ff1eZ5yUgg+mpYPyU6bZAnhdbfLLAARljIFuzdDG9Uf2hFc:PY5X1ez9DYaUQZAnhJz8ARljmuzAUf1
                  MD5:07D7D4B65F5EB33051320DF66BD943A9
                  SHA1:9A89ECF02137394BDDDE6F3D4E455AFE1BC1FA53
                  SHA-256:C7A1BBF4EA6A74888E71F7199373C9920017199B41F624267EAD151EB8CF99B6
                  SHA-512:E58DC1BC6243907EB7BBECFF1CF697C1384C9F3FCBFA8B28EB4920E71B701901A4F20F889E19CDEFB953A194D7E1D1F9EAA197E1B740075BB06AE05D3ACE15AF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................P....x......x......x......x......5..................5......5......5.<....5......Rich............................PE..d...K._.........." .....Z...`.......`.............................................../....`.........................................0...................`.......4...................h~..T.......................(....~..0............p..`............................text...1Y.......Z.................. ..`.rdata...F...p...H...^..............@..@.data...............................@....pdata..4...........................@..@.qtmetad............................@..P.rsrc...`...........................@..@.reloc..............................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):144368
                  Entropy (8bit):6.294675868932723
                  Encrypted:false
                  SSDEEP:3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
                  MD5:53A85F51054B7D58D8AD7C36975ACB96
                  SHA1:893A757CA01472A96FB913D436AA9F8CFB2A297F
                  SHA-256:D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
                  SHA-512:35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R._...1]..1]..1]..]..1]..0\..1]..5\..1]..2\..1]..4\..1]..0\..1]..0\..1]..0]..1]..4\..1]..1\..1]...]..1]..3\..1]Rich..1]........................PE..d...`._.........." .....\...........`.......................................`......wJ....`................................................. ........@..X.... ...............P.........T...................`...(...0...0............p...............................text....Z.......\.................. ..`.rdata......p.......`..............@..@.data...............................@....pdata....... ......................@..@.qtmetadm....0......................@..P.rsrc...X....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\PyQt5\sip.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):121344
                  Entropy (8bit):6.013239668983001
                  Encrypted:false
                  SSDEEP:3072:ffo4ygrnRYa5v7Wbj8F4HwSvQxoodR89X1f:44yQOa5jWnW4wSoPR2f
                  MD5:3C3ECB577008D8C505C48D1136139886
                  SHA1:15A08DAA51035EB4C7E2931A22FA2475118F95D6
                  SHA-256:4E42894C6335229782AE2FD1C5FE59F571FA4C7CD2C0EE7543C7A320333E46F2
                  SHA-512:EF220EBCF27E6F607AD4F22A6BAEC1FE88345D3B3274826F76C5A5715A26F6A96032E69E30A0464BF91B9409B3588769F8CD907D34EF5179AC25409A82BA60F8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................................../.........y.....y.....y.`...y.....Rich..........................PE..d....+8d.........." .....N...........R....................................... ............`.........................................0...T...........................................P...............................p...8............`...............................text....M.......N.................. ..`.rdata...R...`...T...R..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_asyncio.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):73744
                  Entropy (8bit):5.899692891859365
                  Encrypted:false
                  SSDEEP:1536:P/NHFMdDgugn5BHr/1Rq6mMxnBGpI8snaqy27:X/485x1Rq6mgncpI8snaw7
                  MD5:3A9762EE38BFAC66D381270C80D8B787
                  SHA1:44036D492A5BB4A8EDFC5DDF3EE84772C74A77ED
                  SHA-256:9531365763F8BBFF9FA7E18EABEFE866F99EA4B8E127B265A8952E16217C61E1
                  SHA-512:4AFE20524D3043FC526C585C2E5589F4505FDBF4B2011577A595AA836423484BAB18A9F5F4DB82D204A3506DBC55923CFBEF1B0F4DAD54FE2DC2A771CD1F632E
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1l..1l..1l..8.B.3l...2..3l...2..3l...2..;l...2..;l..2..2l..j...3l..1l..Hl..2..0l..2..0l..2..0l..2..0l..Rich1l..................PE..d...r.:_.........." .....r...........Y.......................................P............`......................................... ...P...p...d....0.......................@..`...`...T............................................................................text...gp.......r.................. ..`.rdata..t:.......<...v..............@..@.data....7.......2..................@....pdata..............................@..@.gfids....... ......................@..@.rsrc........0......................@..@.reloc..`....@......................@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_bz2.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):94736
                  Entropy (8bit):6.337586298062742
                  Encrypted:false
                  SSDEEP:1536:DGb6DBCvurMRnQhVx8/Nlv+SSm9YmFN87Xgq4ToV+dypRI84VAyE:abfXyg7pp9TC7Xgq4ToV+kRI84VY
                  MD5:CF77513525FC652BAD6C7F85E192E94B
                  SHA1:23EC3BB9CDC356500EC192CAC16906864D5E9A81
                  SHA-256:8BCE02E8D44003C5301608B1722F7E26AADA2A03D731FA92A48C124DB40E2E41
                  SHA-512:DBC1BA8794CE2D027145C78B7E1FC842FFBABB090ABF9C29044657BDECD44396014B4F7C2B896DE18AAD6CFA113A4841A9CA567E501A6247832B205FE39584A9
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e.l..k?..k?..k?.|.?..k?.Zj>..k?B..?..k?.Zh>..k?.Zn>..k?.Zo>..k?vZj>..k?.lj>..k?..j?..k?vZc>..k?vZk>..k?vZ.?..k?vZi>..k?Rich..k?........PE..d...z.:_.........." .........j......$...............................................<6....`........................................../..H...80...............`.......X..................T............................................................................text............................... ..`.rdata...;.......<..................@..@.data........@.......0..............@....pdata.......`.......>..............@..@.gfids.......p.......H..............@..@.rsrc................J..............@..@.reloc...............V..............@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_cffi_backend.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):181760
                  Entropy (8bit):6.199103831906969
                  Encrypted:false
                  SSDEEP:3072:fuDhqvb8EFiB2SAxCapLigdLnqH1nWShafSmnS791/9d9CdhjkhneKGg:fuDcz8EFfSAxzigdWnW1fSWWmhjkhneU
                  MD5:DACCB97B9214BB1366ED40AD583679A2
                  SHA1:89554E638B62BE5F388C9BDD35D9DAF53A240E0C
                  SHA-256:B714423D9CAD42E67937531F2634001A870F8BE2BF413EACFC9F73EF391A7915
                  SHA-512:99FD5C80372D878F722E4BCB1B8C8C737600961D3A9DFFC3E8277E024AAAC8648C64825820E20DA1AB9AD9180501218C6D796AF1905D8845D41C6DBB4C6EBAB0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........C..CC..CC..CJ.OCO..C...BA..C%.!CG..C...BH..C...BK..C...BG..C...BG..C..B@..CC..C...C...BG..CJ.ICB..C...BB..C..#CB..C...BB..CRichC..C................PE..d.....b.........." .........>......p........................................@............`.........................................PQ..h....Q....... ..........`............0.......7...............................7..8............................................text............................... ..`.rdata..............................@..@.data...H....p...T...T..............@....pdata..`...........................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ctypes.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):132624
                  Entropy (8bit):5.962671714439977
                  Encrypted:false
                  SSDEEP:1536:bRyGuR/8oD9tR2yHBIjxBaVGTODsAR04D0RfUGpd0/b8aMgiadI8VPEye:bcDd8oM+kBVQ/8f5pdObL7dI8VPG
                  MD5:5E869EEBB6169CE66225EB6725D5BE4A
                  SHA1:747887DA0D7AB152E1D54608C430E78192D5A788
                  SHA-256:430F1886CAF059F05CDE6EB2E8D96FEB25982749A151231E471E4B8D7F54F173
                  SHA-512:FEB6888BB61E271B1670317435EE8653DEDD559263788FBF9A7766BC952DEFD7A43E7C3D9F539673C262ABEDD97B0C4DD707F0F5339B1C1570DB4E25DA804A16
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........$\.kw\.kw\.kwU..wZ.kwg.jv^.kwg.hv_.kwg.nvV.kwg.ovV.kw..jv^.kw..ov].kw..jv[.kw\.jw..kw..hv].kw..cvT.kw..kv].kw..w].kw..iv].kwRich\.kw........................PE..d...r.:_.........." .........................................................@....../G....`.......................................................... .......................0.......e..T............................f...............0...............................text............................... ..`.rdata..pq...0...r..................@..@.data....9.......4..................@....pdata..............................@..@.gfids..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_decimal.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):267280
                  Entropy (8bit):6.490803702039132
                  Encrypted:false
                  SSDEEP:6144:16wN+Xkv3Pt2R4ihr6iboTfWebtedJ/gqWya38LWuAxR:U4ExW4oTdoC3R
                  MD5:75A0542682D8F534F4A1BA48EB32218F
                  SHA1:A9B878F45B575A0502003EBCFE3D6EB9AC7DD126
                  SHA-256:5767525D2CDD2A89DE97A11784EC0769C30935302C135F087B09894F8865BE8B
                  SHA-512:4682B8E4A81F7EFFC89D580DCA10CCFCCEBE562C2745626833CD5818DE9753C3A1E064A47C7DDC4676B6E1C7071C484156FABE98E423E625BB5D2C2B843C33DE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q#!.0Mr.0Mr.0Mr.H.r.0Mr.nLs.0Mr.nNs.0Mr.nHs.0Mr.nIs.0Mr.nLs.0Mr.XLs.0Mr.0Lr?0Mr.nNs.0Mr.n@s.0Mr.nMs.0Mr.n.r.0Mr.nOs.0MrRich.0Mr........PE..d...q.:_.........." .........R...............................................@......&5....`.........................................P8..P....8....... ..........|/...........0...... ...T............................................................................text...8........................... ..`.rdata..2...........................@..@.data...h....P...|...:..............@....pdata..|/.......0..................@..@.gfids..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_elementtree.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):207888
                  Entropy (8bit):6.299632329784148
                  Encrypted:false
                  SSDEEP:3072:eA5zdNfn+gUP4DoqYjDn0sYwtk9/h337lm2Fad8u2JyoMMMMMMF4S1jzhI8AfC:eAxL/+gUPJjD0sYw6nBmRQye1jz3
                  MD5:7D0C4AB57FDC1BD30C0E8E42CCC2AA35
                  SHA1:81BFF07B6B5DD843E2227A3E8054500CFEC65983
                  SHA-256:EE8C4A8FE8EAA918A4FEE353D46F4191BD161582098B400C33220847D84797DB
                  SHA-512:56AE9F10DE02E7C777673814128D0252B47D001D2EDC74BFF9D85D7B0B6538B6F4D3D163E301DFB31429EC1EEEFEE550A72D6E424F20E10EB63C28DB0E69FBBE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b..B&oo.&oo.&oo./...*oo..1n.$oo..1l.$oo..1j.,oo..1k.,oo..1n.$oo.}.n.%oo.&on..oo..1g."oo..1o.'oo..1..'oo..1m.'oo.Rich&oo.........................PE..d...v.:_.........." .....0...........-.......................................P............`.............................................X...........0...........%...........@..4....}..T...........................P~...............@...............................text...s........0.................. ..`.rdata.......@.......4..............@..@.data...............................@....pdata...%.......&..................@..@.gfids....... ......................@..@.rsrc........0......................@..@.reloc..4....@......................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_hashlib.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):38928
                  Entropy (8bit):5.959951673192366
                  Encrypted:false
                  SSDEEP:768:AyvaHXGH0o9MBl7nqHQ03dpI8sIZhWDG4yfkO:UKnyBlmHQadpI8sIZcyMO
                  MD5:B32CB9615A9BADA55E8F20DCEA2FBF48
                  SHA1:A9C6E2D44B07B31C898A6D83B7093BF90915062D
                  SHA-256:CA4F433A68C3921526F31F46D8A45709B946BBD40F04A4CFC6C245CB9EE0EAB5
                  SHA-512:5C583292DE2BA33A3FC1129DFB4E2429FF2A30EEAF9C0BCFF6CCA487921F0CA02C3002B24353832504C3EEC96A7B2C507F455B18717BCD11B239BBBBD79FADBE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%_..a>..a>..a>..hF^.c>..Z`..c>..Z`..c>..Z`..k>..Z`..k>...`..c>..:V..c>...W..b>..a>..8>...`..`>...`..`>...`2.`>...`..`>..Richa>..................PE..d...y.:_.........." .....6...J.......4....................................................`..........................................e..P...`e..x....................~..............0[..T............................[...............P...............................text....5.......6.................. ..`.rdata..p ...P..."...:..............@..@.data...0............\..............@....pdata...............h..............@..@.gfids...............n..............@..@.rsrc................p..............@..@.reloc...............|..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_lzma.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):176144
                  Entropy (8bit):6.6945247495968045
                  Encrypted:false
                  SSDEEP:3072:KCvUDHEIzx6yBexOV3fNDjGTtDlQxueKd03DV8tv9XIGIPExZJV9mNoA2v1kqnfE:tvUtdBexOlNDk+xTKg8tlJKyXYOAC1Lc
                  MD5:5FBB728A3B3ABBDD830033586183A206
                  SHA1:066FDE2FA80485C4F22E0552A4D433584D672A54
                  SHA-256:F9BC6036D9E4D57D08848418367743FB608434C04434AB07DA9DABE4725F9A9B
                  SHA-512:31E7C9FE9D8680378F8E3EA4473461BA830DF2D80A3E24E5D02A106128D048430E5D5558C0B99EC51C3D1892C76E4BAA14D63D1EC1FC6B1728858AA2A255B2FB
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........).o.z.o.z.o.z..7z.o.z.1.{.o.z.1.{.o.z.1.{.o.z.1.{.o.zi1.{.o.z...{.o.z.o.z.o.zi1.{.o.zi1.{.o.zi1[z.o.zi1.{.o.zRich.o.z........................PE..d.....:_.........." ................H.....................................................`.........................................PW..L....W..x...............t...............@....3..T............................4...............................................text...#........................... ..`.rdata..............................@..@.data........p.......T..............@....pdata..t............n..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..@...........................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_multiprocessing.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):29712
                  Entropy (8bit):5.960619050057232
                  Encrypted:false
                  SSDEEP:384:iPzxbi1duybZ93GDXIV0Y5FoTewHJ4nhB/5I8kBLheX1nYPLxDG4y8SNu7:imeIxo6wuH/5I8kthelWDG4ya7
                  MD5:3CF091905D3CC49070B0C39848F0D48B
                  SHA1:888716F84768545A3B21B36CA0BE2D52D22F9F8A
                  SHA-256:7A0A1D04A326E21636A08F5F9772625F8B07BA1CE3FB2C78052BEC3CF795704A
                  SHA-512:A9BDD51EBE1DE8CA36EF89B1A6BA9AA213A414C9F6C23819DF3A8F702ACDC6B53F0B096A813B3E93BC4E380791B404276CF2D89A0DE26AAC9A412BCFE49FF4F5
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................%............................}...............}.....}.....}.I....}.....Rich...................PE..d...t.:_.........." ....."...:....... ...................................................`..........................................O..`...`O..x....... ....p..`....Z..............`G..T............................G...............@...............................text.... .......".................. ..`.rdata..J....@.......&..............@..@.data...`....`.......@..............@....pdata..`....p.......F..............@..@.gfids...............J..............@..@.rsrc... ............L..............@..@.reloc...............X..............@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_overlapped.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):46096
                  Entropy (8bit):5.925988445470974
                  Encrypted:false
                  SSDEEP:768:U4ljYOwns/tk8iin8alqEahsMJrrnoYIJVI8JtAWDG4yCO:TjtKPsMJrUVI8JtNyp
                  MD5:F22850F077950F7566B4C6C15A184BF3
                  SHA1:E200F6BA1378CAEED367C9A365B13232919F1DFA
                  SHA-256:EFE043D0FC7C922968F44469FD70FDBB49569D8CA8AF82AAEA796F5B687F5660
                  SHA-512:9799823371169D85D8A1DC95378C4ABD74A09C88A0A32F65F25B77D8E31A9321C9877E13B0A5F0E7E9C30976DA6ADAB0D084A8F07EC6070701146E9C29FBF00B
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................z........................5.........................5......5......5......5......Rich............................PE..d...v.:_.........." .....<...`......8/....................................................`.........................................pn..X....n.......................................W..T...........................pW...............P..p............................text..._:.......<.................. ..`.rdata...+...P...,...@..............@..@.data...H............l..............@....pdata...............~..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_queue.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):28176
                  Entropy (8bit):5.982244926544283
                  Encrypted:false
                  SSDEEP:384:lDZ54qTq9Qe//7vWXhTR/cEI6rgdI8qU8nYPLxDG4y8HmsuEyo:p4qwQ0WRtS6rgdI8qU8WDG4y6XuEyo
                  MD5:C0A70188685E44E73576E3CD63FC1F68
                  SHA1:36F88CA5C1DDA929B932D656368515E851AEB175
                  SHA-256:E499824D58570C3130BA8EF1AC2D503E71F916C634B2708CC22E95C223F83D0A
                  SHA-512:B9168BF1B98DA4A9DFD7B1B040E1214FD69E8DFC2019774890291703AB48075C791CC27AF5D735220BD25C47643F098820563DC537748471765AFF164B00A4AA
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......kUe./4../4../4..&L..-4...j..-4...j..-4...j..%4...j..&4..j..,4..t\..-4../4...4..j...4..j...4..j...4..j...4..Rich/4..........................PE..d...t.:_.........." .........8......8.....................................................`..........................................:..L....;..d............`.......T..........l... 4..T............................4...............0...............................text...s........................... ..`.rdata.. ....0......."..............@..@.data........P.......6..............@....pdata.......`.......@..............@..@.gfids.......p.......D..............@..@.rsrc................F..............@..@.reloc..l............R..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_socket.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):76816
                  Entropy (8bit):6.0942584309558985
                  Encrypted:false
                  SSDEEP:1536:vG/A9Fu5OEPenRXk5d2jw/hEdFcvY+RgOmkcH7dI8VwYyo:e/Anu5OEPenRXRjw/h0FcvYcgOmkcbdV
                  MD5:8EA18D0EEAE9044C278D2EA7A1DBAE36
                  SHA1:DE210842DA8CB1CB14318789575D65117D14E728
                  SHA-256:9822C258A9D25062E51EAFC45D62ED19722E0450A212668F6737EB3BFE3A41C2
                  SHA-512:D275CE71D422CFAACEF1220DC1F35AFBA14B38A205623E3652766DB11621B2A1D80C5D0FB0A7DF19402EBE48603E76B8F8852F6CBFF95A181D33E797476029F0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%A..K...K...K......K..J...K..H...K..N...K..O...K.G.J...K...J...K...J.A.K.G.C...K.G.K...K.G.....K.G.I...K.Rich..K.........PE..d...~.:_.........." .....x...........v.......................................`....... ....`.........................................0...P............@....... ...............P.........T...........................@................................................text...cw.......x.................. ..`.rdata..bA.......B...|..............@..@.data....=.......8..................@....pdata....... ......................@..@.gfids.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_ssl.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):120848
                  Entropy (8bit):6.015568704435241
                  Encrypted:false
                  SSDEEP:3072:B9+/8UxGzqHYjeS0Woia4TMpi6EPQNvURI847uHV:b+UUxGiY8Wo1UVV
                  MD5:5A393BB4F3AE499541356E57A766EB6A
                  SHA1:908F68F4EA1A754FD31EDB662332CF0DF238CF9A
                  SHA-256:B6593B3AF0E993FD5043A7EAB327409F4BF8CDCD8336ACA97DBE6325AEFDB047
                  SHA-512:958584FD4EFAA5DD301CBCECBFC8927F9D2CAEC9E2826B2AF9257C5EEFB4B0B81DBBADBD3C1D867F56705C854284666F98D428DC2377CCC49F8E1F9BBBED158F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........a...............x2......^.......^.......^.......^......k^......Zi.......h..............k^......k^......k^^.....k^......Rich....................PE..d.....:_.........." .....................................................................`..........................................;..d...T<..................................h....%..T............................&..................8............................text...s........................... ..`.rdata..r...........................@..@.data....N...p...J...P..............@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\_tkinter.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):69648
                  Entropy (8bit):6.022045168499411
                  Encrypted:false
                  SSDEEP:1536:wZSaB9UmU+YBYGnmmwe06hcvfyRiDpI8sS1yh:wZSDoe0FvfyRiDpI8sSo
                  MD5:09F66528018FFEF916899845D6632307
                  SHA1:CF9DDAD46180EF05A306DCB05FDB6F24912A69CE
                  SHA-256:34D89FE378FC10351D127FB85427449F31595ECCF9F5D17760B36709DD1449B9
                  SHA-512:ED406792D8A533DB71BD71859EDBB2C69A828937757AFEC1A83FD1EACB1E5E6EC9AFE3AA5E796FA1F518578F6D64FF19D64F64C9601760B7600A383EFE82B3DE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.r{}..(}..(}..(t..({..(F..)...(F..)...(F..)v..(F..)w..(..)...(&..)...(...)x..(}..(...(..)...(..)|..(..(|..(..)|..(Rich}..(........................PE..d.....:_.........." .....~...|......HP.......................................P.......P....`.........................................P...P............0..........,............@......P...T............................................................................text...S}.......~.................. ..`.rdata...C.......D..................@..@.data...h...........................@....pdata..,...........................@..@.gfids....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\concrt140.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):317208
                  Entropy (8bit):6.325295618585691
                  Encrypted:false
                  SSDEEP:6144:2VwR2xhiXuz1BxUBE0I3umFKuLHqvqNXV4rnWzgCEcl:Vs9zGEj3saz7l
                  MD5:F3C9F61B9E1B25C9DE8D817D3D1C02D7
                  SHA1:DAB244AC19C66BB5A7BAE0AEE6E3EA280C30F364
                  SHA-256:1F072A6DC98CD882C542208E7A8FE4FBE5239781588F17C005A2607FDFE62D5D
                  SHA-512:8A6CF1E91A15B5A1DB52880258F3A39F6CC3BED72E79598F7A10661DD9ED28D369499F585225EB016A2F0B7EDDADE096BA80083DB301B68DEB173FADDE3B9619
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......xFo.<'..<'..<'.....>'..5_..6'...H..;'..<'...'...H..4'...H..8'...H..h'...H..='...H..='...H..='..Rich<'..........................PE..d.....t^.........." ................`...............................................;g....`A.............................................M...................p...6.......A......l....3..8........................... 4..0............................................text...,........................... ..`.rdata..*2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...N..............@..@.rsrc...............................@..@.reloc..l...........................@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\cv2\cv2.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):87928320
                  Entropy (8bit):6.741890175139891
                  Encrypted:false
                  SSDEEP:393216:ZH7PCXZQzJy4TWVv2/Eidszo7ARI5WEzq8E0vSH3nKBuT8CpX8GxWaHLiAUmYuk4:SQzJDWVv6dYReGxH3KB2XzhE2/sHs
                  MD5:8A6BD62E33C8359CDCA4F9B06C4F4E47
                  SHA1:27E229566B5759327AB08854B8EE6969770AA76B
                  SHA-256:92DAF05BC35D5AE15F6110EE45204973A83B9DF22AB5B449A5158BA33403D9AF
                  SHA-512:32AAAA9ED0DD63068C7B064A943D96A00CDE3F4D76F5D56DCC609C04A0C81C851F5587A801553AA952CBC810EAA7589CA0FA70F9E1D0D4B39A8EEC9BB382B918
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........N..t N.t N.t N.)$O.t N.)#O.t N.)%O't N.)'O.t N...N.t N4*#O.t N4*%O.t N4*$O.t N.)&O.t N..N.w N.t N.S N.)!O.t N,*$OEt N3*!O.t N.t!N.u N,*%O.p N,* O.t N,*.N.t N,*"O.t NRich.t N........PE..d...@..c.........." ................8GM.......................................`...........`..........................................-..........@.....].......<..D........... ].`.....x.T.....................x.(... .x.................(............................text............................... ..`IPPCODE............................. ..`.rdata...c[......d[.................@..@.data....`0.. ...v..................@....pdata...D....<..F...|..............@..@.tls..........Z.......8.............@...IPPDATA..N....Z..P....8.............@....gfids..l....@[.......9.............@..@_RDATA.......`[......*9.............@..@.rsrc.........].......:.............@..@.reloc..`.... ].......:.

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libcrypto-1_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):3399200
                  Entropy (8bit):6.094152840203032
                  Encrypted:false
                  SSDEEP:98304:R3+YyRoAK2rXHsoz5O8M1CPwDv3uFh+r:t9yWAK2zsozZM1CPwDv3uFh+r
                  MD5:CC4CBF715966CDCAD95A1E6C95592B3D
                  SHA1:D5873FEA9C084BCC753D1C93B2D0716257BEA7C3
                  SHA-256:594303E2CE6A4A02439054C84592791BF4AB0B7C12E9BBDB4B040E27251521F1
                  SHA-512:3B5AF9FBBC915D172648C2B0B513B5D2151F940CCF54C23148CD303E6660395F180981B148202BEF76F5209ACC53B8953B1CB067546F90389A6AA300C1FBE477
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............K..K..K..;K..K...J..K...J..K...J..K...J..K...J..K..Kb.Kd..J..Kd..J..Kd..J..Kd.WK..Kd..J..KRich..K........................PE..d......^.........." .....R$..........r.......................................`4......~4...`.........................................`...hg...3.@.....3.|.....1.......3. .....3..O...m,.8............................m,...............3..............................text...GQ$......R$................. ..`.rdata.......p$......V$.............@..@.data....z...P1..,...41.............@....pdata..P.....1......`1.............@..@.idata...#....3..$....3.............@..@.00cfg........3......@3.............@..@.rsrc...|.....3......B3.............@..@.reloc..fx....3..z...J3.............@..B................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libeay32.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1988608
                  Entropy (8bit):6.7573278120063724
                  Encrypted:false
                  SSDEEP:49152:iIGHW0Tlp28IQfPxwmUie+7IdlmQIU6iShqjQPPjWW8:ijHKqfw0v+qqjQDWW8
                  MD5:5F7617F3EC354FBAE5092AB5F0BB8F2A
                  SHA1:4DF4E9D48C5DB0C1D170ABD19F3A2FC7ACA4615A
                  SHA-256:44DCA66A470DCCA1BF9E6C1F22B4FE2175C4D9E796884CDD61D8536F013416EA
                  SHA-512:2F499C164DE92338874D6E1FD4FF790AD1083D71E3069E985B9E29800CDD4AF4340C56928C1AAD38F4ED69120F6A4BA747B8562BD6F01A09E7A58302D9545480
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............l...l...l....i..l.......l.......l.......l.......l.......l...l..bl...l...l..m....n..m....l..m....l..m....l..Rich.l..........PE..d...<..].........." .....p...........w....................................................`.........................................0X..........h....P..H....0...............`...B..py..T............................y.................. ............................text...so.......p.................. ..`.rdata..R............t..............@..@.data........ ......................@....pdata.......0......................@..@.rsrc...H....P......................@..@.reloc...B...`...D..................@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libfreetype-6.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):586240
                  Entropy (8bit):6.4460699567644255
                  Encrypted:false
                  SSDEEP:12288:w7AvRbpuflWqWyhb/e+AUCnGqI3qoTF1OgfEWm:w7AWVhbm+AWqc5uZ
                  MD5:42AB9DD5740879C8A0913047149D3A60
                  SHA1:D117EF70D0100615B5D50FB555345545E823235B
                  SHA-256:8E263FD9257E8E83BAFDA0C943184A498C07424C4D558321FDB48C9A197E58A4
                  SHA-512:5C0656521815CB504A1E840FD0163B0EB10D6B7237DBB76C6BDBF66388111667FB1D4FE78C2BBE8D00D377CF150200142CE7E33CB5434960F69A77899322B417
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....j.....................j.............................p......d7........ .............................................. ..T....P.......p...:...........`.............................. @..(...................p".. ............................text...xh.......j..................`.P`.data...P............n..............@.P..rdata..p............p..............@.`@.pdata...:...p...<...F..............@.0@.xdata..(9.......:..................@.0@.bss..................................`..edata..............................@.0@.idata..T.... ......................@.0..CRT....X....0......................@.@..tls....h....@......................@.`..rsrc........P......................@.0..reloc.......`......................@.0B................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libjpeg-9.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):244224
                  Entropy (8bit):6.389441331010228
                  Encrypted:false
                  SSDEEP:6144:I7wNZIYb0maLgCaqrWqg7EdP8J1dJHoFaeghCbBL:I7we7gCaqrWqg7EdP8jpY
                  MD5:C540308D4A8E6289C40753FDD3E1C960
                  SHA1:1B84170212CA51970F794C967465CA7E84000D0E
                  SHA-256:3A224AF540C96574800F5E9ACF64B2CDFB9060E727919EC14FBD187A9B5BFE69
                  SHA-512:1DADC6B92DE9AF998F83FAF216D2AB6483B2DEA7CDEA3387AC846E924ADBF624F36F8093DAF5CEE6010FEA7F3556A5E2FCAC494DBC87B5A55CE564C9CD76F92B
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...........................i.............................@................ .................................................................x............0.............................. ..(...................<................................text............................... .P`.data........ ......................@.P..rdata...J...0...L..................@.`@.pdata..x............b..............@.0@.xdata...............x..............@.0@.bss....P.............................`..edata..............................@.0@.idata..............................@.0..CRT....X...........................@.@..tls....h.... ......................@.`..reloc.......0......................@.0B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):34369888
                  Entropy (8bit):6.3382421612060815
                  Encrypted:false
                  SSDEEP:196608:fGLtguCargPguXVwK+UMidpW9fkSWweAY/CZoEeV8Vb13w6y1WftYk5kscxQfEGP:UksJf2OF
                  MD5:1B45722EC0556E13EBA6DB83F383E692
                  SHA1:A3BE5C6E4E92CCB250FA325A7FA4CBC35E9124F3
                  SHA-256:BD94E2467FE06C5D13BACF7451E13EF18BB876A4E78493D7E9B7600835DBB0AB
                  SHA-512:66DBA1F77BE1A1EC71195A7CFCA4612C4232C69AE7248FBCDE58F1A12060BF814F1CF274F6C50D51D82BB09AAD477C1741E1B1A3D50369588CEB01B708DB89B9
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......_..........& .............z..0......... g....................................;/........ .............................................P..t................#...............H...........................Z..(...................(U...............................text...x...........................`..`.data...0..........................@.`..rdata..............................@.`@.pdata...#.......$..................@.0@.xdata..h!......."..................@.0@.bss.....z...0........................`..edata.............................@.0@.idata..t....P......................@.0..CRT....`....p......................@.@..tls................................@.@..reloc...H.......J..................@.0B/4......p...........................@.PB/19.................................@..B/31...... ......."...v..............@..B/45......M.......N..................@..B/57.....

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libpng16-16.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):210944
                  Entropy (8bit):6.4218776738200525
                  Encrypted:false
                  SSDEEP:3072:VatMOImapxER0/vnm2mjq61IJJT1fX0yuWUQstxZw2TnzFEY5IQ:VatMOImapaR03nmnYJV1cjtnwunw
                  MD5:3A26CD3F92436747D2285DCEF1FAE67F
                  SHA1:E3D1403BE06BEB32FC8DC7E8A58C31E18B586A70
                  SHA-256:E688B4A4D18F4B6CCC99C6CA4980F51218CB825610775192D9B60B2F05EFF2D5
                  SHA-512:73D651F063246723807D837811EAD30E3FACA8CB0581603F264C28FEA1B2BDB6D874A73C1288C7770E95463786D6945B065D4CA1CF553E08220AEA4E78A6F37F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....v...4.................h.............................................. ......................................`..........H...............0...............|........................... ...(...................................................text...hu.......v..................`.P`.data................z..............@.P..rdata..`V.......X...|..............@.`@.pdata..0...........................@.0@.xdata....... ......................@.0@.bss.... ....@........................`..edata.......`......................@.0@.idata..H............&..............@.0..CRT....X............2..............@.@..tls....h............4..............@.`..reloc..|............6..............@.0B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\libssl-1_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):689184
                  Entropy (8bit):5.526574117413294
                  Encrypted:false
                  SSDEEP:12288:1SurcFFRd4l6NCNH98PikxqceDotbA/nJspatQM5eJpAJfeMw4o8s6U2lvz:1KWZH98PiRLsAtf8AmMHogU2lvz
                  MD5:BC778F33480148EFA5D62B2EC85AAA7D
                  SHA1:B1EC87CBD8BC4398C6EBB26549961C8AAB53D855
                  SHA-256:9D4CF1C03629F92662FC8D7E3F1094A7FC93CB41634994464B853DF8036AF843
                  SHA-512:80C1DD9D0179E6CC5F33EB62D05576A350AF78B5170BFDF2ECDA16F1D8C3C2D0E991A5534A113361AE62079FB165FFF2344EFD1B43031F1A7BFDA696552EE173
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E......T...T...T...T...TS.U...TZ.U...TS.U...TS.U...TS.U...T..U...T...T.T..U-..T..U...T..uT...T..U...TRich...T........PE..d......^.........." .....(...H.......%..............................................H.....`..............................................N..85..........s........K...j.. .......L.......8............................................ ..8............................text....&.......(.................. ..`.rdata...%...@...&...,..............@..@.data...!M...p...D...R..............@....pdata..TT.......V..................@..@.idata...V... ...X..................@..@.00cfg...............D..............@..@.rsrc...s............F..............@..@.reloc..5............N..............@..B................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):590112
                  Entropy (8bit):6.461874649448891
                  Encrypted:false
                  SSDEEP:12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
                  MD5:01B946A2EDC5CC166DE018DBB754B69C
                  SHA1:DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
                  SHA-256:88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
                  SHA-512:65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........LS..-=..-=..-=.....-=..U...-=..-<.k-=.gB<..-=.gB9..-=.gB>..-=.gB8.=-=.gB=..-=.gB..-=.gB?..-=.Rich.-=.........PE..d.....t^.........." .....@..........."...............................................z....`A.........................................j..h....D..,...............L;...... A......(...@...8...............................0............P.......f..@....................text...,>.......@.................. ..`.rdata..r....P.......D..............@..@.data....:...`..."...N..............@....pdata..L;.......<...p..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\msvcp140_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):31728
                  Entropy (8bit):6.499754548353504
                  Encrypted:false
                  SSDEEP:384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
                  MD5:0FE6D52EB94C848FE258DC0EC9FF4C11
                  SHA1:95CC74C64AB80785F3893D61A73B8A958D24DA29
                  SHA-256:446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
                  SHA-512:C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.{.zl..zl..zl......xl..s...~l.....}l.....xl..zl..Ql......l.....il.....{l.....{l.....{l..Richzl..................PE..d.....t^.........." .........$......p.....................................................`A........................................p>..L....?..x....p.......`..X....:...A......p...P3..8............................3..0............0..@............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..X....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B........................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_tests.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):106496
                  Entropy (8bit):6.192836538611655
                  Encrypted:false
                  SSDEEP:1536:3lSGe/2iH80GUjTyKjT0k2MqIAP2u8vP0TU3s:Vh+GUjTybkpAPp8rs
                  MD5:790FE3D0CE7EFA7ADCD93AE3607B26E8
                  SHA1:C76A4F99FBCE99A63FB853EBF73F8DB1E2DF2946
                  SHA-256:25A240D1217DF88CDF3A8E4A24A40D6B6D3ECC18FD2E33CDD0E84609B1F944E7
                  SHA-512:14B469593353590AEF3F4904363DD13D80AD785833326BAF144CA484F231F7B1DA0152ABEF6A6BA1D725AD1D7B6989A1788222B370B5D99894CDD9D5773016B3
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............|..|..|...G..|.....|.....|.*....|.....|.....|.....|.."..|..|.`|.....|.....|.....|...+..|.....|.Rich.|.................PE..d......_.........." .....6...l............................................................`..........................................p.......q..................L...............T....Y...............................Z...............P...............................text...c4.......6.................. ..`.rdata..<4...P...6...:..............@..@.data....!...........p..............@....pdata..L...........................@..@.rsrc...............................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\core\_multiarray_umath.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):2769920
                  Entropy (8bit):6.537308891583725
                  Encrypted:false
                  SSDEEP:49152:/M/cze8S47oWNoUvqUEwdr8yzux14CtFrTyz4/V:WjAqw
                  MD5:9330A90D64EE9C286DEF485B7CEA59C6
                  SHA1:2B2B8EE50F6D51856CC3A6AF53DAEB3E4DBA52D4
                  SHA-256:4F1D6F33FF92E20B39A77BA3B7B92A5E7AD0AC75E8855DCA792F49635FAB41DA
                  SHA-512:2DF93157A4623D48C9A4B742C7912D8DDE18DE5777CC689F412DAEDE9E3C7BAB5276DDB1D8034A30CAB174AB3A25F14EC58A219F6C3BA8C58F2E5AB7839817CF
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........y..x*..x*..x*..*..x*..y+..x*..y+..x*CP.*..x*..}+..x*..|+..x*..{+..x*w.y+..x*x.y+..x*..y*..x*x.p+..x*x.x+..x*x..*..x*x.z+..x*Rich..x*........PE..d......_.........." ..........................................................,...........`..........................................".p...`."......P,.......*.H............`,.4".... ............................... ................. ............................text...#........................... ..`.rdata..F...........................@..@.data...0.....".......".............@....pdata..H.....*......d(.............@..@.rsrc........P,.......*.............@..@.reloc..4"...`,..$... *.............@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\fft\_pocketfft_internal.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):112640
                  Entropy (8bit):6.177330572145835
                  Encrypted:false
                  SSDEEP:3072:LA/0iIoEsbAqVXfPkZpQd47ryh8J+s6dY+b6IDaY+Y:8/0SbAukZpQd47GK+HFF8
                  MD5:3A33F279076E9800565CA8363B06C0DA
                  SHA1:3D7EE1491BDDD80B3C4C850AB3B708D12D445F37
                  SHA-256:72FBE745FC7F4D92820024B4FDF62F520A7F6E924D2817CE1728EBB059BB2D08
                  SHA-512:51FB4434D7B934870AB1A23461444F7F97598365EA423CE143A5A3EB35045B3C8BF7D128544F5C537BFB80084441AA7DD0486637B44629CA005D0A40ADE3176D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......RV...7...7...7...O...7..D_...7..sQ...7..D_...7..D_...7..D_...7...i...7...7.."7...^...7...^...7...^...7...^...7..Rich.7..........PE..d......_.........." .........8......d.....................................................`.........................................`...t......................T...............,...0...............................P................................................text...S........................... ..`.rdata..<........ ..................@..@.data...............................@....pdata..T...........................@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\_umath_linalg.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):153600
                  Entropy (8bit):6.419120291258942
                  Encrypted:false
                  SSDEEP:1536:CYlNH+NrvsGeowHRMfrdC8+43FxV0cVZpyd0Rse8SzNXw8Y4ngIBdWweH:CYlNSs9owHut+wFxV0K98nmgIBdhg
                  MD5:E6CAA96C3F48EFE9CE3472F26B219562
                  SHA1:20A50BE130C8E5C2A84E818CB31EA70FB94A835C
                  SHA-256:77AA8BFF598695DE66A884CF9D8949A4BA6D6E2CD9FBBF690F2C81619DB50CD4
                  SHA-512:90AF523F99DFC56CAB1816EC3E4A666CD9E1E1B14754375B923F4E0ACD8AEA6F14334463C66ABBA11FE44F67F4E0DE5E335E1DE6E12A738F96BC2D23202CF41E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O..............V=......F.......H......,.i......F.......F.......F.......p.......G..........q....G.......G.......G.......GQ......G......Rich............PE..d......_.........." .........v...........................................................`.........................................@-..h....-...............`..................p...p...................................................(............................text............................... ..`.rdata...=.......>..................@..@.data........@.......&..............@....pdata.......`.......>..............@..@.rsrc................T..............@..@.reloc..p............V..............@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\linalg\lapack_lite.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):5.530414151250272
                  Encrypted:false
                  SSDEEP:384:7FhVUSXgPqAEqjxkcHPA3mrrAnvx0cMYmhw:nVU2gPXjxDnonv4Ymh
                  MD5:3051473794F5F8B157EF916D923D777E
                  SHA1:96E2F8DFEFB9F62CB3E9169DCC42E66186112F0B
                  SHA-256:ED298D41C9602CA2D7B76AE1F1F3BC04943DA737CEEFA3EFA622879790996841
                  SHA-512:EF27D84E24BD5C1E49DB8507DD0948CC8B4C96817C135E360217F5008D741E48F7EBF3A011D4422DC636B866C8387C60A071E92FCD1C49936D057E88FFE7508C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f.j...j...j...c...h...8o..h....a..h...8o..a...8o..b...8o..h....Y..h....n..i...j...W....n..k....n..k....nx.k....n..k...Richj...........PE..d......_.........." .........(......d.....................................................`..........................................G..d...TH..x....p.......`..(...............@...PB..............................pB...............@...............................text....-.......................... ..`.rdata..P....@.......2..............@..@.data...h....P.......B..............@....pdata..(....`.......L..............@..@.rsrc........p.......P..............@..@.reloc..@............R..............@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_bounded_integers.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):238592
                  Entropy (8bit):6.483806960130266
                  Encrypted:false
                  SSDEEP:3072:T0na8Au2nW0p9zutrqKU+Xlsmbbsgm7A+4oUxph/Vjzutz3A1TQysg36yt:Ia1nx9z4+w1sibb5X/VjmjwTQc6
                  MD5:D99AF2345A02F03A1384B6E2CF5E470D
                  SHA1:0B7F2E8416269C31C90D3050FBF11628B714A172
                  SHA-256:A08B096A2FE82D807B99083F75473EFB9AEB90868F52C8C9A54DFF63ACD13DBA
                  SHA-512:C878519670AFF0D102021FCCEF476905E61294EF7E557343380D35B545A753BB4CCB2C16A613BC0A709BE3377987769107513F444C46C16E62DAD6636777E717
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........A.Y. ... ... ...X%.. ...H... ...F... ...H... ...H... ...H... ...~... ... ..3 ...I... ...I... ...I... ...II.. ...I... ..Rich. ..........PE..d......_.........." .................b....................................................`..........................................c......|k..x...............................H....C...............................C...............................................text...C........................... ..`.rdata.............................@..@.data....5....... ...n..............@....pdata..............................@..@.rsrc...............................@..@.reloc..H...........................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_common.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):178688
                  Entropy (8bit):6.1540655505257815
                  Encrypted:false
                  SSDEEP:1536:2l2nUZt60F7ZVKAFbICNLDS7r01ngRnMA1ask7VcqKsljTuOaFb8+MFZgDXpcPCM:2lOG1vK2bICvyO+1kFJaFbJXpcPC
                  MD5:C85312DF912E34A8FD4BDF336454ECC1
                  SHA1:AF8A9D8ACE9A0D776CBE183A9D10A919044687B5
                  SHA-256:FBC9FD657DF78DCE9313D8DC1834148AE73187300347FD1B82306052562BD6C3
                  SHA-512:E619EADAABCC1D5AE287CA0EE1C2F1F5C8232C779A2375CE9FB2AD7CA0A07511188F8DEA42D3A8E0F47B2D04E59DEF8D7F131A94916308E4EB894E986B016519
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R...........P.........................................X.........N...W......W......W.<....W......Rich...........PE..d......_.........." .....4..........d.....................................................`.........................................@q..\....q..d...............................H....]...............................]...............P...............................text...S3.......4.................. ..`.rdata...5...P...6...8..............@..@.data....K.......:...n..............@....pdata..............................@..@.rsrc...............................@..@.reloc..H...........................@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_generator.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):646144
                  Entropy (8bit):6.316831567097614
                  Encrypted:false
                  SSDEEP:6144:ra4JYWEkB0sQbOn+aQWo+pWJ46dtjwT+SiSySxeiS+WXSMd5S5SyS/9SZSaSriSg:W4uobowWJDjw56xQrDRM0BsavJ
                  MD5:E866BDFB77120B036DCF2CAC7405C853
                  SHA1:8EE87BB0E91C9FCB7A6C1F971D115ED4DA8EE913
                  SHA-256:30B7992723BDFAC4E4E54585101F356E4A2B816C4AA1B31E8D2E5255ACC50FA2
                  SHA-512:4138935A96717F3935A571303643EB1CC529BC318EC4C15B7446E006ED6648AAFE74934412F9F45AD9FE25086F073755DB73C80F5952C131F49768D3F672905E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*c..n.{.n.{.n.{.gz..f.{.<jz.l.{..dz.l.{.<j~.b.{.<j..f.{.<jx.l.{..\z.m.{.n.z..{..k..k.{..ks.o.{..k{.o.{..k..o.{..ky.o.{.Richn.{.................PE..d......_.........." .........x.......m.......................................@............`.............................................x............ ...........%...........0......`................................................... ............................text.............................. ..`.rdata..............................@..@.data........@......................@....pdata...%.......&..................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_mt19937.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):77824
                  Entropy (8bit):6.169423227466293
                  Encrypted:false
                  SSDEEP:1536:bSANk9+gY7gs5zcZ70V4vkWTWPgmdc0Dgs:bPkGf5IZ70V4vkWx0Dd
                  MD5:6F3ACA71EA339374899CA9047B2B8E36
                  SHA1:AEDFB30252679959CE40D3A3E8DB07A02BC827F7
                  SHA-256:D5983C2F4A26C2DC671A92B5C4F7CB46C63844C502C30390670A5019A4125B6F
                  SHA-512:918F3D37FE44EE76F5F4237EAE18C51178D0E964C51BA1230C17A08FF6050DD5A0B204E7C4480FF97D0183CB092A846C26C7945E8904C9CC6A2D08AF280035FE
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..]<...<...<...5.L.8...n...>...Y...>...n...0...n...4...n...>.......?...<...........?.......=..... .=.......=...Rich<...................PE..d......_.........." .........~......d.....................................................`.........................................@...`.......x....`.......P...............p..x....................................................................................text............................... ..`.rdata...3.......4..................@..@.data....;.......2..................@....pdata.......P......."..............@..@.rsrc........`.......,..............@..@.reloc..x....p......................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_pcg64.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):65024
                  Entropy (8bit):5.980786853285234
                  Encrypted:false
                  SSDEEP:768:R3Q13VEAjbJYEPT+7VKsoTVmsZm0aPVfI2AxvGzetNX2L+w9kZSjYcJ/YIqXcvPp:gVEUF+7gv6194YYcJ/Yeb17dAHPtC
                  MD5:4BB9CE84AA35B45E5EE74FC13C9B42CA
                  SHA1:F41E5E41E847EFF4C17EBE9FBF202AABE52BC80E
                  SHA-256:1B31FB8C8F72A349F6E6301FA7B48D389E95D178398417CD9D013A46D4A4C8A5
                  SHA-512:12B4B6039C43575A47FD34EB9DCC6E3206AA89872EC762E88BA5E42EF6C482470EC41E58CA662931F08608F5F668009D3CFEF2C9253A53C3B128E9B2AE373822
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..P<y..<y..<y..5.G.>y..n...>y..Y...>y..n...0y..n...4y..n...>y...'..?y..<y...y......>y......=y....+.=y......=y..Rich<y..................PE..d......_.........." .........l......d........................................P............`.........................................`...\.......d....0....... ..p............@.........................................................X............................text............................... ..`.rdata...&.......(..................@..@.data...H4.......,..................@....pdata..p.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_philox.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):72192
                  Entropy (8bit):5.986508207434875
                  Encrypted:false
                  SSDEEP:1536:yIB2ic560kTG2nakT27hxiX0qWsr+1Gq:yK2ui0T0hxiX0Gr+1L
                  MD5:12BA03FD5D6C0CA6E736BF9D6F6C4685
                  SHA1:4F1B1BA887EC8B73A170D3CA5BD9D8462D8A70F7
                  SHA-256:4D6A35E405FE7039C4B88C31F556B02F84326F7828238C78C7FF1892018B89C8
                  SHA-512:489F8E33C0871CCB795D283180F6796E5CEB1E0CDAEF065EDA96839806D3EAE4461CB92E855882AEC6E0FE8CDFD9BD2781CF6B6140F846CE8256E2415C384D4C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..P<z..<z..<z..5.G.>z..n...>z..Y...>z..n...0z..n...4z..n...>z...$..?z..<z...z......>z......=z....+.=z......=z..Rich<z..........PE..d......_.........." .........z......d........................................p............`.............................................\.......d....P.......@...............`..L...@...............................`...................p............................text............................... ..`.rdata..z(.......*..................@..@.data...h@.......8..................@....pdata.......@......................@..@.rsrc........P......................@..@.reloc..L....`......................@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\_sfc64.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):53248
                  Entropy (8bit):5.860938878798157
                  Encrypted:false
                  SSDEEP:768:8cqkigR6k3uj+vBSipT24nzbO9Dgh9gqVVfIXgE2vilKUmZUBUcIrBobaHnJKcmp:Kkik3uyZx2p/nxicbWH+
                  MD5:37F2DCA9964651933E341131C5BC8276
                  SHA1:E6B12A435C836CD088F2840683C941276B7E532F
                  SHA-256:C82BF2E1E90F0B293328C14F1F0B9811CDED0484C311F6DEB72E8C8A122E6104
                  SHA-512:DE663548F0576F8A116011E099460A2580997A48394ADD17BE77904D4AE843761986A4DE0C19AF4C77E61C15B3797540B0161D6B9EDFB852BA5941511C952E1A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y..P=x..=x..=x..4.G.?x..o...?x..X...?x..o...1x..o...5x..o...?x...&..>x..=x...x......?x......<x....+.<x......<x..Rich=x..........................PE..d......_.........." .....|...X......d........................................ ............`.........................................`...\.......d...............P...................@...............................`................................................text...3z.......|.................. ..`.rdata...#.......$..................@..@.data... '....... ..................@....pdata..P...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\bit_generator.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):151552
                  Entropy (8bit):6.100107488012804
                  Encrypted:false
                  SSDEEP:3072:fRAMv1X6aXfjCSqs+CILiNwS6Pi2+WarahcWhbZdFkSx2+WarahzZms3T:5RNqqfj+zCILiNkPi2+Warahc4FkSx2f
                  MD5:2EF183E96EF80BB399627A24C063D94D
                  SHA1:255A8B634CBCF45AABE81ACFF019F4C93E4FEE53
                  SHA-256:6C15E698421E952FF9B4CBFFCD3797E56E1BE694BB01B652D816835B9A2A46BD
                  SHA-512:841FB9CDA82DAE341B4D6FD94A69BA7D22085E22766351B70FF754C8D4D8F39BF00806D36F45D7DD43C54965F075034D9E85B4C57F8A97C6F1151ACAD93B9B06
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R...........p.........................................X.........7...W......W......W......W......Rich...........................PE..d......_.........." .....p..........d.....................................................`.........................................0...h.......d....p.......`..................$....................................................................................text...so.......p.................. ..`.rdata...K.......L...t..............@..@.data...........x..................@....pdata.......`.......8..............@..@.rsrc........p.......H..............@..@.reloc..$............J..............@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\numpy\random\mtrand.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):561152
                  Entropy (8bit):6.202499551459795
                  Encrypted:false
                  SSDEEP:6144:fh36m8oc7i1j9Pr/cDo+KjJQuSxSISPw+SeWkSOKTSpSPuSx+SzS5SQS7SQSKStP:Hxr/pV6oYWLfrHV/NoPNhC1
                  MD5:5C13C535D5E3F2A1459A78AACE6D9562
                  SHA1:626257B38B53FB715AB2D8121A2F7C45485E2A6A
                  SHA-256:0D947A90CAEC87DA431786274B6C4D9F1AE47A28E63209B61551F86EB3D25C2A
                  SHA-512:AC5ECD385F7D83C23188A090EB70792669CC3A8C30C07B4B527A5CB8327EDE3E183973F69FA9A8F0B608D02674571750C2E564CBB3DF02BD616CDDE7B32A9946
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x.]<...<...<...5.t.8...n...>...Y...>...n...0...n...4...n...>.......?...<...........?.......=.......=.......=...Rich<...........PE..d......_.........." .....B...j......d.....................................................`.........................................0...........x...............................0................................... ................`...............................text...CA.......B.................. ..`.rdata..L....`.......F..............@..@.data...0...........................@....pdata...............j..............@..@.rsrc...............................@..@.reloc..0...........................@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pyexpat.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):202768
                  Entropy (8bit):6.312695764898477
                  Encrypted:false
                  SSDEEP:3072:nT3d9F9j+gUPNDoqAdeEaUwExv0yOWIkPQXLBLBtpug8FGty+auDomdI8VhHF:jHF1+gUP8deIwEXLIfLB6g8FGJauDom7
                  MD5:6500AA010C8B50FFD1544F08AF03FA4F
                  SHA1:A03F9F70D4ECC565F0FAE26EF690D63E3711A20A
                  SHA-256:752CF6804AAC09480BF1E839A26285EC2668405010ED7FFD2021596E49B94DEC
                  SHA-512:F5F0521039C816408A5DD8B7394F9DB5250E6DC14C0328898F1BED5DE1E8A26338A678896F20AAFA13C56B903B787F274D3DEC467808787D00C74350863175D1
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[c.4...g...g...g.z\g...g$\.f...g$\.f...g$\.f...g$\.f...g.\.f...gDj.f...g...gq..g.\.f...g.\.f...g.\0g...g.\.f...gRich...g........PE..d...}.:_.........." .....$...........".......................................P............`.........................................P...P............0...........#...........@..........T...........................P................@...............................text....#.......$.................. ..`.rdata.......@.......(..............@..@.data...............................@....pdata...#.......$..................@..@.gfids....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\_freetype.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):78336
                  Entropy (8bit):6.204869863327296
                  Encrypted:false
                  SSDEEP:1536:VhqhAKcrR/8x06ycBTBaqyuNSrfX8C+0C26cY0X86wSV:LogrR/i06ycBAWETm26cY+xw
                  MD5:9965789309173A830BFA9A077FF74620
                  SHA1:7E0E0E57DB8F6A35451C8A07F7E01D30C0A7D4BA
                  SHA-256:AF0D34EFB97F7F919660BF3F072CD05619044D52443BB7D6A15DA46A3056E123
                  SHA-512:BED36C241DDB990777D26C7C66DBAE2C4FB5FDB073F6229FB355BD602E3FB72F25C7AE01405C768B6DD3D5FDDF8E11211A788757F3CCF40D1B02874ADC71D7DB
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................i.........................................v.......P...................l...P......P.......s.......P.......Rich............PE..d....?.a.........." .........~...... .....................................................`.............................................`............p.......P..L....................................................................................................text............................... ..`.rdata...V.......X..................@..@.data...p....0......................@....pdata..L....P......................@..@.gfids.......`.......*..............@..@.rsrc........p.......,..............@..@.reloc..............................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\base.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):30208
                  Entropy (8bit):5.679638168280965
                  Encrypted:false
                  SSDEEP:384:mVYWfe3eY7ucEbN00V4X77JL87z0bCtmmRWXQqO5SK14dhi5a7H0EovKsOlAPdQl:mVpDifJ9sSfbdHGwlbzaI3AOAo
                  MD5:6957DFFAAECDD72D6104C2927AA58B48
                  SHA1:6ACAD377363BE0CC8F7F01115800004A59C9EDAE
                  SHA-256:649355AB92FD24B53CD93C032D82ACD8CD4DB0E34828FCEF727B7B088986096F
                  SHA-512:F2A01FADDCDC2AE617CCCCD7E6070F277165929826716E6BDB6038494943D7DD9778AA12CB5ABCE41C1F70D779557AB28B3BB49D2D45D0FC99E8A0D9FCA33121
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3^.OR0.OR0.OR0.F*..KR0.t.1.MR0..:1.MR0.t.3.MR0.t.5.DR0.t.4.ER0..;1.MR0..'1.LR0.OR1.%R0...8.NR0...0.NR0.....NR0...2.NR0.RichOR0.........................PE..d....?.a.........." .....>...:......PA....................................................`......................................... g..X...xg..................................d...p^...............................^...............P..`............................text...C=.......>.................. ..`.rdata...#...P...$...B..............@..@.data................f..............@....pdata...............j..............@..@.gfids...............p..............@..@.rsrc................r..............@..@.reloc..d............t..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\bufferproxy.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):18432
                  Entropy (8bit):5.170811425002114
                  Encrypted:false
                  SSDEEP:384:newY0rxsa3Cl+38Y5f+0TvTf7BCcMRU8:ewjGzWrWa
                  MD5:8135AC817358F25E5CFB4339FBCB1F48
                  SHA1:C275AA3339F64C8B4FFB3910B786D1CB293FB51B
                  SHA-256:33DB4178156A6EA158CDA0EF3292B331747BFC198556151A4B0581113DEBD5F0
                  SHA-512:F125CE9E56351AC3B0BA5FD25669AFA12AE5592F6DC716899599B77E4C0F90E9F2A77D59C54C0E78D78E1D1F7B441B0479813F86DDD58FDA1727EE381D49CECC
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................\................................................"......"........0...."......Rich............................PE..d....?.a.........." .........,......p!....................................................`..........................................<..d...T=..d............`..H...............l...P7..............................p7...............0...............................text...c........................... ..`.rdata..r....0......."..............@..@.data...h....P.......8..............@....pdata..H....`.......>..............@..@.gfids.......p.......B..............@..@.rsrc................D..............@..@.reloc..l............F..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\color.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):35840
                  Entropy (8bit):5.73802357017814
                  Encrypted:false
                  SSDEEP:384:czCH4hXynBaXFm8ztqAOpBD0Qr7rL2rYZr4cYhIYm5CJuw+Tais8z51YcaBhtKBu:qHXupBD02/pYhj+Tais8zgRkfjItDXN
                  MD5:0B4838DB9B4E3AE820F25CC9DA70A4D2
                  SHA1:253C3D775610D361747DCDE71CAC6D03D6074965
                  SHA-256:B6C633094F99FD261F48F9CA9D4ADDB538EA159D0D8BF16089D304402F5BBA4C
                  SHA-512:16B73F564E5744938CE9775AD8C5E63B48BDB0609CB54B39A65B030FF1B373C4FF6D05AFCB268D100501969FE4FF9773C1780EDD85F4B5BB581DA4DA4E6B73FE
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V..............C............................................$...............................!./.............Rich............PE..d....?.a.........." .....L...B.......N....................................................`..........................................z..X...hz......................................Pm..............................pm...............`...............................text....J.......L.................. ..`.rdata..F%...`...&...P..............@..@.data................v..............@....pdata...............~..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\constants.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):49152
                  Entropy (8bit):5.274247290628612
                  Encrypted:false
                  SSDEEP:768:jIM9yfKTjm60ahCUCZ/2gPz5/+y2y4nUgb/VyEIc7taN38rw:99yfKTjm8hbK/FPzEnIc7taNm
                  MD5:A04FF6997A13DE095BA1C3CF4DD9103E
                  SHA1:F7F9CA2C202162774FE86F93B09ACD2EBF2F5601
                  SHA-256:0449FC696397091D4AB7119A4F40A118C022C6F0736A3BA79DD896A7111E7A7B
                  SHA-512:4E0AF59DC1B0D758A7A810D37854522B0B219E425A48690451320F4D60B3AD5A71817B2874B368D252EC9FA107D9D32B78342707D0F3858A9EE79B2181008828
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*.K..K..K..3..K.....K...#..K.....K.....K.....K..."..K..K..K.. ...K.. ...K....t.K.. ...K..Rich.K..................PE..d....?.a.........." .........>......p........................................ ............`.............................................`... ...d...............................0...0...............................P...................8............................text.............................. ..`.rdata.. -..........................@..@.data...............................@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..0...........................@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\display.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):44032
                  Entropy (8bit):5.783700908556658
                  Encrypted:false
                  SSDEEP:768:xLapST8QYqxxALGvMCf6hPOHTQAaZh1JnqnwX1hWbg:rT8ap7WOeZhv8ajeg
                  MD5:580E19C9A9D58B9EDC2722402CCE4974
                  SHA1:7D153FD0EAEC9C3549EFFDE38E9F26F54EE64774
                  SHA-256:1A5D2C1379855466463586B49BC61B78C2E2F7C6B3E8ABA2AF99D149BCBCFDB2
                  SHA-512:C3081A8B4F54C7D54918F01AE76616DDB3110C90884DE2561630C4387012DB5BA09A928349492ACE525687568C13BCB0D0770CD86EE187315301493925D810A6
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............p...p...p.....p...q...p..q...p...s...p...u...p...t...p.(.q...p..q...p...q...p...x...p...p...p.-.....p...r...p.Rich..p.................PE..d....?.a.........." .....V...X.......Y....................................................`.............................................\............................................................................................p...............................text....U.......V.................. ..`.rdata...;...p...<...Z..............@..@.data...............................@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\draw.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):48128
                  Entropy (8bit):6.099628652524892
                  Encrypted:false
                  SSDEEP:768:u9jFnfN/dACKdHg22tWi7/ogt1kHIMiF2Z3cmP+zZzFqzrYrsG:AVWVzoWi7/ZkHIMicXX0IG
                  MD5:6C3AAD01782CFB0A31A752E40F2010C8
                  SHA1:FA72B534991202C7AA17FAB4B7A13CD7A0D07C65
                  SHA-256:33E7E6ECE451C0762D174E843AEF5B05147EC09DFF6684EAA7801C0EE86831B6
                  SHA-512:7D6FCA733D18CE6BF1BDCBAEDCFD3F34376644A63CA0B29EADECE7CD428D50F0699696A049AE0D5AA0310B9E566CA0E6EACF6BE33BEC4EB0AA32EC1A52117646
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Z..............e.........................................h.......................N.......N.......m.......N.......Rich............PE..d....?.a.........." .....~...B......@.....................................................`.........................................0...X...........................................p...................................................@............................text...S|.......~.................. ..`.rdata...&.......(..................@..@.data...............................@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\event.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):40448
                  Entropy (8bit):5.665174203175519
                  Encrypted:false
                  SSDEEP:384:bgkujLBgOY7h3dsAj2jKF7gFkEIHsJfgB0rWNJ6jrkfc75tNU1JDmSov1ZeH/ax8:FuB413iXKR4piu6H/s9Cm1u
                  MD5:49837839686BBC2E230A216454A76A56
                  SHA1:F4D34957BB75B12ACC778299B193FE2E8EEF789F
                  SHA-256:BC14621B41528937C5AA5F5400874A3AF581578709323DB04884A622826EC849
                  SHA-512:814AB72985175F48F886C1EF3D6F82BE1B8FC9F3A0C88CC9792AB1BD3D14575DF760FF96E6DE56047D5A6679A9F58155A7E4C41F9F5EE4B1BD2332FE4C6376E8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-.^.L...L...L...4w..L.......L...$...L.......L.......L.......L..{%...L...9...L...L...L..]....L..]....L..~....L..]....L..Rich.L..........................PE..d....?.a.........." .....Z...F.......\....................................................`.........................................P...X...........................................P...............................p................p...............................text...SY.......Z.................. ..`.rdata...*...p...,...^..............@..@.data...............................@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\font.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):24064
                  Entropy (8bit):5.3407998299229
                  Encrypted:false
                  SSDEEP:384:1x2nVIdaFQqwXS7qCVjFuRtPE840dvihm2uhAfGsuRoIBIArACDcMMg:14YqwXclVjYRvWuu+dEc
                  MD5:B5951DEFAA7E26060BC045F85D23FA1B
                  SHA1:0F53D11836C2B97230B01668348B6A99802653A6
                  SHA-256:846C657C34FD07C360542ED3D78F7782C8D32FC257888ECB5713E40678437C46
                  SHA-512:D4747A831F09AE2AF02D7EEF3A2B911CC9F40AE07171B4D104F64C52FDA968CC57D4836D541C05109AA560C1FB9D6620597F8551F7FC87850EBFD3B6E1DD89A8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.{.M.{.M.{.v.z.O.{...z.O.{.v.x.O.{.v.~.F.{.v...D.{..z.O.{.D...I.{...z.N.{.M.z...{...s.L.{...{.L.{....L.{...y.L.{.RichM.{.........PE..d....?.a.........." .....&...:.......*....................................................`..........................................T..X....U.......................................M...............................N...............@..(............................text....%.......&.................. ..`.rdata... ...@..."...*..............@..@.data........p.......L..............@....pdata...............R..............@..@.gfids...............X..............@..@.rsrc................Z..............@..@.reloc...............\..............@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\image.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):28160
                  Entropy (8bit):5.791014923696717
                  Encrypted:false
                  SSDEEP:384:XL4Ltxxz1ugXX2AFovzngbdn17Rpk8mqk+AkB/66RT5ScAwWA7WRwh/TJ1XKcNmb:cBFFqLm1TbRoDwWA7WRKFrmb
                  MD5:6F33F326BA1F9A076C5B0A29B4356438
                  SHA1:7A5F6924DE9385EE1DCC23FF1D790F1D700F9496
                  SHA-256:E136586B6FA61E6F734EF130C8EAF3E1C133A438F2F32816D05037BB682961D0
                  SHA-512:D03A811455AD36893600D9FADBB468808667B17AE615F4154BE707BE579ABDF7C3CBCE19C1871F069E290ABF0C48869EAFB9E565316207D2086692F46110B446
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3'..]t..]t..]t..t..]t..\u..]t..\u..]t..^u..]t..Xu..]t..Yu..]tl.\u..]t..\u..]t..\t..]tJ.Uu..]tJ.]u..]ti..t..]tJ._u..]tRich..]t........................PE..d....?.a.........." .....>...2.......A....................................................`.........................................Pb..X....b..................H...............d....[...............................[...............P...............................text....=.......>.................. ..`.rdata..d....P.......B..............@..@.data...H....p.......`..............@....pdata..H............d..............@..@.gfids...............h..............@..@.rsrc................j..............@..@.reloc..d............l..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\imageext.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):19456
                  Entropy (8bit):5.3288808221207145
                  Encrypted:false
                  SSDEEP:384:hipEV3sRR7L9V6MJX9TgedamfBtCX4Zp1DmV4gevhzdcLLc7iz:hKEViRzQyzC4D5mV41dcqi
                  MD5:BBCBEE70AD4C438CB6340CED73883521
                  SHA1:E31A352986963AFFE0E7DFA754F0ED87B9908F53
                  SHA-256:75FD74BEA42276DB6BB468851098A96EE0C76379003F0C9CC7A13C0C9DF07122
                  SHA-512:7554A258F9C19C56D53D52BAD7CB07EA5C1A3CD9771301E9854C47D46F981D9D64351483A5FF3B9AA2B28F74CFC806C99218DDB074DE29DBB85BFECA6547E0C3
                  Malicious:false
                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........._...................................!D...............................................................................|............Rich............................PE..d....?.a.........." ....."...,......P%....................................................`..........................................L..`...0M...............p..................<....F...............................G...............@...............................text....!.......".................. ..`.rdata.......@.......&..............@..@.data........`.......@..............@....pdata.......p.......B..............@..@.gfids...............F..............@..@.rsrc................H..............@..@.reloc..<............J..............@..B........................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\joystick.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):5.2928685167428196
                  Encrypted:false
                  SSDEEP:384:ND4c5eVL5VkHPRU13wki2sn+1jbZ4/mb1cMmmmM:Nb5Gt13wkiZ+1u/mf
                  MD5:3366202C1EEF51F56E5C26CE31304FA2
                  SHA1:413F6AD2E7BEB4823045952961A93F1837B04B2A
                  SHA-256:9EC6E0A077BCAD6E67EF9CF0D465749FFD714248ECE25A48BAB065781D11E5AC
                  SHA-512:F89A3CE5BA6A40D464317C9B3B72F9342C99B2331AA9EC23CF0D12990A7B847D2F4A9CD7FAA8E945ADF492D85DF39315B58B605C2026F744137B1779BC43B76D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F......F...G..F..G..F...E..F...C..F...B..F.s.G..F..G..F..G.F.U.N..F.U.F..F.v...F.U.D..F.Rich.F.........PE..d....?.a.........." ..... ...2......."....................................................`.........................................pA..`....A..x............`.......................;...............................;...............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........P.......@..............@....pdata.......`.......F..............@..@.gfids.......p.......J..............@..@.rsrc................L..............@..@.reloc...............N..............@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\key.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):26624
                  Entropy (8bit):4.885516034084412
                  Encrypted:false
                  SSDEEP:384:8rOTgL3DaLkKNrpcVVYMdFuTwgukAtyDT1/vcMABYStqaM6Krt:aLMi7Cwtextohqr6I
                  MD5:066A526CB1D816664C2B6A40AE437D72
                  SHA1:8899390E5FB6490813C3AF2E3754A213190E3E3D
                  SHA-256:E89FBEC8BD486D708A49725C5158C2A748D24BBCA673CB3C906439806777718E
                  SHA-512:F2D7DC9303402B83458C47D858E27060DA5933DEA194A1421CCF39AC41DE8AFE877F2DD86AEBC2F4B175C15B7A8DB1E136B116B417341C06F99254E86CDD495F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............f..f..f......f...g..f..g..f...e..f...c..f...b..f.t.g..f..g..f..g.f.R.n..f.R.f..f.q...f.R.d..f.Rich.f.................PE..d....?.a.........." ....."...J.......%....................................................`..........................................X..T...$Y..x...............................@....S...............................S...............@..0............................text....!.......".................. ..`.rdata...!...@..."...&..............@..@.data........p.......H..............@....pdata...............\..............@..@.gfids...............`..............@..@.rsrc................b..............@..@.reloc..@............d..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mask.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):56832
                  Entropy (8bit):6.188213197887492
                  Encrypted:false
                  SSDEEP:1536:9ALYaiRq6PZda5jU2zsR4dOKiXUVmBIhbXjDEyHkljcc:9ALYbQ6Pq2P4dOKiXUVmBWXjIyHklo
                  MD5:15852767AAB165A1C8FB77ABF6C02F3F
                  SHA1:A581AA0338A6D3F4D8301FB3A7C7D3EDF2FCA980
                  SHA-256:059142E9690EF8319E27CDF0EF1377D7C7940C83FB6EEEB3D77F6F44919C80DB
                  SHA-512:61DB1EAE69B8AF304DEC528A95E56B598FD343184EA112487BA4268722A13A2D17ADCFCA58E33FF2C9FED2A4B69FDD10AEE2D4EF7A41522091005154923B8CFD
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'..Xc...c...c...j.t.e...X...a...8...a...X...a...X...h...X...i.......a...6...`...c...2.......a.......b.......b.......b...Richc...........PE..d....?.a.........." .........N......`........................................0............`.............................................X...h................................ .. ....................................................................................text...c........................... ..`.rdata..4........0..................@..@.data...............................@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\math.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):67072
                  Entropy (8bit):5.986686387118695
                  Encrypted:false
                  SSDEEP:1536:6OdMMdcUIdLd9t2tFU/8O6nKMGCnq3dbiRr1CH:hdcUMLvMtFL7KMlnq3dbiRI
                  MD5:94D6D00B92A6C8BB7FC7A967B189B0F6
                  SHA1:D9C2CABB073CD26A0BB59FED9DAFA84C9CD00044
                  SHA-256:01CE02EDE8DBBD5BB9665FE9A01A3F25F1B560E745B13BEA6044E93F728FCB9D
                  SHA-512:6B0505210489980335015EF925D82A42C87F5C71092C2399E58ECE1B12B24C89778B4864D3C8CC7CFA0359F976B8C394D8F3EEE0744EDA94567DD7B8F769171D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3..Uw...w...w...~...s...L..u...,..u...L..r...L..|...L..}.......t...w..........v......v.....s.v......v...Richw...................PE..d... ?.a.........." .........~...............................................`............`.........................................p...X.......x....@..........h............P.......................................................................................text............................... ..`.rdata.."I.......J..................@..@.data...............................@....pdata..h...........................@..@.gfids....... ......................@..@_RDATA..0....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):36352
                  Entropy (8bit):5.658295348751267
                  Encrypted:false
                  SSDEEP:768:oGrr4779GIItgzU/HftuysPesmSUf+SCd:/HteOHfIysPes9UWd
                  MD5:E8E827FA0F2A1E519E02173A3275556A
                  SHA1:2BD4A884A302DD21DB06A33FAB7DD2307C1BA77A
                  SHA-256:C8509D96B07FD913CA4BE44156C6516A9C5B0F962DFE7519DB7A282A24B6A877
                  SHA-512:2EFCB44C718A0ADDE7C2FF5915FBE6770E298392FB6E0DEBD917E8A89993FE39F7495C84197252F927B36CEE88C9E8EBCFAE678C65A3D8C0AB7E55786A3D5150
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................1...............................,.....U>........................).].........Rich...........PE..d....?.a.........." .....B...N......pE....................................................`.........................................0...X.......................................T....x...............................x...............`...............................text...cA.......B.................. ..`.rdata.../...`...0...F..............@..@.data................v..............@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..T...........................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mixer_music.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):5.321389308193211
                  Encrypted:false
                  SSDEEP:384:PqvuUSXhqrH2CaBzR8nqAaTvVtEG8cNwniCU:JZT8ncvVtEy+U
                  MD5:F0FFF37B28CD80E1138B0D1DAE12826C
                  SHA1:0D98044DE21C2C2F31784F031640E86F25E857EA
                  SHA-256:4635C4F9E594740DEFCA85097266D59573C6B028C6C09E46FFC23098F49A431E
                  SHA-512:7215562D0052C7D8A2EB3F0CAC16146A367FCBE48FB1A85043A8B1F55CB9D44BC8D7B22C6652E4CE44F385A092E48FEC14A5BF5AE8C6DA0DCFB6C90EFE8C5035
                  Malicious:false
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........G.zO&.)O&.)O&.)F^*)M&.)tx.(M&.).N.(M&.)tx.(M&.)tx.(D&.)tx.(E&.).O.(M&.)T.%)M&.).S.(L&.)O&.).&.).x.(N&.).x.(N&.).xF)N&.).x.(N&.)RichO&.)........................PE..d....?.a.........." .....$..........p&....................................................`.........................................0P..d....P...............p..T...................`J...............................J...............@...............................text...c".......$.................. ..`.rdata.......@.......(..............@..@.data...x....`.......B..............@....pdata..T....p.......F..............@..@.gfids...............J..............@..@.rsrc................L..............@..@.reloc...............N..............@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\mouse.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):19456
                  Entropy (8bit):5.213980760489755
                  Encrypted:false
                  SSDEEP:384:m4n1F8UOM95wBZ1rFtMtxtn4TdhT3L/cMrAU:m4n1F85Myutvczhr7
                  MD5:4B8C2DB25033F681BA99A5CDFE218E97
                  SHA1:C201863728E1BE3199E3EB5C7EB5591FA1472240
                  SHA-256:3098B2D9B751F6F5AD2A91EEC9D8C82F32F37A69C168A2E2C384B30633DA1289
                  SHA-512:01D0AA4377921F613F59078DA238C9D66749134715D7D1A57B73FAA744493E9B0D5270484F17D6CCB2695F235F3C5E5271B4EF7F627D69A674B5CBAE9B6B3B02
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3^.OR0.OR0.OR0.F*..KR0.t.1.MR0..:1.MR0.t.3.MR0.t.5.DR0.t.4.ER0..;1.MR0..'1.LR0.OR1..R0...8.NR0...0.NR0.....NR0...2.NR0.RichOR0.........................PE..d....?.a.........." ..... ..........."....................................................`..........................................?..X....?...............`..................l....9...............................9...............0..`............................text............ .................. ..`.rdata.......0.......$..............@..@.data........P.......>..............@....pdata.......`.......B..............@..@.gfids.......p.......F..............@..@.rsrc................H..............@..@.reloc..l............J..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelarray.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):45056
                  Entropy (8bit):6.064596577114034
                  Encrypted:false
                  SSDEEP:768:yVp+JVksLW5k4flLN9DgDMEm6lqM78wkPCRZ7UmTlWHQaLCKU2ra76Z+iJXH/wHR:Up+cD8MMq48UbUdKKi6Z3oH
                  MD5:6E769E1EA4700A57CA598447072416CB
                  SHA1:3419DE4C948A983ACEB93CAC20C5A9EC6DD2A809
                  SHA-256:80D0E26C4555617CD346AD50072277D3451376FF6AB02F0980004E3DB21E41C5
                  SHA-512:C5C3EA5617F75B23A96355849AE7799F8A3C8865BD27A33D14E79D2ABA0754D29524630B2C16B4599699C927F9F32C795DD151E0B0CFCEE0B1E9E1369AFC0C9F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Z..............D.........................................h.......................N.......N.......m.(.....N.......Rich....................PE..d....?.a.........." .....t...@.......v....................................................`.........................................@...d...........................................@...............................`................................................text....r.......t.................. ..`.rdata..:%.......&...x..............@..@.data...0...........................@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\pixelcopy.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):26112
                  Entropy (8bit):5.761453811981597
                  Encrypted:false
                  SSDEEP:384:TPQtj2J1h1LU1HYJ0U4QTg/4p0Np4QEMBnFRjTfL7cMynJ:TPQtO/1LRLIXnLrVy
                  MD5:49477E3298A73ECA10DFD1F48AAE8758
                  SHA1:501F2D4EBEF4200A637504478787D3BB5007A08D
                  SHA-256:F933C41E923D885D2AF0368960DB3B814EB15CCC3DC9560E8796D4292CDEFE25
                  SHA-512:34EF9AEA9D5E571A4A96BBC47074EA2E612FFAA74BE0D1C661174854A58F740E1C9A77E6A57831A7E3DFD6BC01EA6412F21DE6F934A417E6CD8C944D705C523E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................^........................................H......................n.......n.......M.2.....n.......Rich............................PE..d... ?.a.........." .....:..........p=....................................................`.........................................@d..`....d..x...............................@....]...............................]...............P...............................text...c9.......:.................. ..`.rdata.......P.......>..............@..@.data...h....p.......Z..............@....pdata...............\..............@..@.gfids...............`..............@..@.rsrc................b..............@..@.reloc..@............d..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rect.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):36864
                  Entropy (8bit):5.688408458159711
                  Encrypted:false
                  SSDEEP:768:qlyQ1yzflz2H+xYeD5uRFc7DYendUdvmy:xDlAoTUd+
                  MD5:002124478CD478C6492C3EEB4E3D598C
                  SHA1:0729E154BA55A45B02393B8EE3CD1E287B721DDB
                  SHA-256:D2BFC8563BB5C1D7C73E727F13D3A8B5A41B32415087EE60BDD70A9945428D2B
                  SHA-512:4E56D49ED824B9B9FA02AB40017805B4F38E62E2A04998FCF79043B6600A2DE2905BEAC10CB1D8E810376BA7EF10E491894E247C4510FBD7924E484C7E050ADC
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3^=OR0nOR0nOR0nF*.nKR0nt.1oMR0n.:1oMR0nt.3oMR0nt.5oDR0nt.4oER0n.;1oMR0n.'1oLR0nOR1n.R0n..8oNR0n..0oNR0n...nNR0n..2oNR0nRichOR0n........................PE..d....?.a.........." .....J...H......0M....................................................`..........................................|..X...8}..................................t....r...............................s...............`...............................text...#I.......J.................. ..`.rdata...&...`...(...N..............@..@.data...P............v..............@....pdata..............................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..t...........................@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\rwobject.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):19968
                  Entropy (8bit):5.290419159050352
                  Encrypted:false
                  SSDEEP:384:Sw8SAsxJbWakMKhoYaVYfJMqdop7GvmmkSCFcNQX:r/HkMmE7ok7yQ
                  MD5:DC1BC1AABF560371D7E5BA827CF8CDBE
                  SHA1:7C565B88C20F0BFD1C6410A14FEAE1676251F2BB
                  SHA-256:21641F109D40187A0D4EB83AE170034F7186F8C3329DF09EBAE9CC7C1C465078
                  SHA-512:098616473F13B98ABFF65D32ABDA83F601FC3E65CBF673EC4518EAA383CE199F4BC5F45E026582C83D5DE4C400CFB5EEC0ED58CD6A424634E27528D6FE0378D8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................,............../Tx...................&................................#.@...........Rich....................PE..d....?.a.........." .....$...,.......&....................................................`..........................................N..`...`N...............p..................@....F...............................G...............@...............................text....".......$.................. ..`.rdata.......@.......(..............@..@.data........`.......B..............@....pdata.......p.......D..............@..@.gfids...............H..............@..@.rsrc................J..............@..@.reloc..@............L..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\scrap.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):18944
                  Entropy (8bit):5.244515673174077
                  Encrypted:false
                  SSDEEP:384:GsZ9ciXBAQoBQo3HVtdsDKeJRnQTt/gZTheucMWqM5K/:H9ciXBY3AFDNtVWvE
                  MD5:31EDC06FCBAA1FEC5AC049AF8432C05D
                  SHA1:275BF6E0716F91E90EC7A26098EF12437CC48342
                  SHA-256:7B5934C10123FB5CB635984D38B29AD2BEF8E6FDCBF589C34AE1E7A095E8C680
                  SHA-512:B6DAA4F56722FB3B33807326FB07EDD6A4E1A30C4EFA1A2D8B539F05A9BAFB8B0E2A774F38A084943AA5CE4BDED7C9B3E98BD82B7934CB5492DE73664A5CEC7A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........SC.n.C.n.C.n.J...E.n.x.o.A.n.x.m.A.n.x.k.I.n.x.j.I.n..o.A.n...o.G.n...o.@.n.C.o...n..f.B.n..n.B.n....B.n..l.B.n.RichC.n.........PE..d....?.a.........." ..... ...,......."....................................................`.........................................P>..X....>...............`..................X....7...............................7...............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........P.......>..............@....pdata.......`.......@..............@..@.gfids.......p.......D..............@..@.rsrc................F..............@..@.reloc..X............H..............@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surface.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):220672
                  Entropy (8bit):6.3783596774039815
                  Encrypted:false
                  SSDEEP:3072:QAqOctGdEqVJ//lkjkVk+k9mPmVmTgFcIzMDnZE7:COcuJ//lkjkVk+k9mPmVmTgFcIQDnC7
                  MD5:844FF6F5FE453C45E01C922241A9EFC0
                  SHA1:4F888AF9CE2BA63286434439A9F275260199F1F6
                  SHA-256:4730D706D887DBB74CE835B8C8EAD47AE7CFE1A5EB8D29F50A8D63E9CFFA5CD1
                  SHA-512:8D9694D6202289A6566BC83C2DF0EC6ABF855EE23313A73008002BB570D89AEE3BE3A3A0F9318690EFB3081FDB50A16BFEA984979CD76AED95B66C19A51774E1
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5..q...q...q...x.z.u...J...s...*...s...J...s...J...{...J...{.......s...$...r...q...........r.......p.......p.......p...Richq...................PE..d....?.a.........." .........j......P.....................................................`.........................................0I..\....I...............p..t....................:...............................:...............................................text...C........................... ..`.rdata...G.......H..................@..@.data........`.......B..............@....pdata..t....p.......L..............@..@.gfids...............X..............@..@.rsrc................Z..............@..@.reloc...............\..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\surflock.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):13824
                  Entropy (8bit):4.748836333842975
                  Encrypted:false
                  SSDEEP:192:ds9WS9oDgVvpqPrtDmhRvPo24ekyPosKKFAgXU/ZMc6zG:K9t9oDgVBSQhRvsekyoKFAicM3
                  MD5:FE35671133B52A43C9A4E3466115CD4A
                  SHA1:5F28BCB373FDA9B2EC3EDBC32A0B04E1C41FAEED
                  SHA-256:AFAE791424C4B124FBA2F47971FFBDA06CE234CC768EF70E9D91BD3E50792A7A
                  SHA-512:23D2C69366FD17CE43D84D5C98C11DBCCCB7B923D9D364A7672FA5DE8E3C1E0591BE5E9BB7481017382218160327D6AB77EB0646887879484338E0C962E73116
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y1...P...P...P...(...P..&....P..F8...P..&....P..&....P..&....P..9...P..H%...P...P..+P......P......P......P......P..Rich.P..........................PE..d....?.a.........." .........$............................................................`..........................................7..`...08..x....p.......P..X...............,....2...............................2...............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......(..............@....pdata..X....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc..,............4..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\time.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):18944
                  Entropy (8bit):5.021063469377741
                  Encrypted:false
                  SSDEEP:384:am0CMudvllWt2O7s9fpuIEs/iAVEE2HTezx3cMe:amB7otSEs/3E/Hqre
                  MD5:6C6B3F80BD877D5DC8E8BA5655C39602
                  SHA1:7876923AE8A02D8343D12F85F8489A02343260DB
                  SHA-256:AE3D2AD95169FC0B9FCBFF4F631752FE7753CD85D0B1B29BCC71090F04D56ED0
                  SHA-512:5817DDDC3AE2B2695197722CC9FA4C0E70F1DFD1CA224C6A3B67527ABDAE760AA9891B50FD8E4F3950D16EB8AB1F4B4D374CD9BE020A1A40C17CB3B166160232
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3^.OR0.OR0.OR0.F*..KR0.t.1.MR0..:1.MR0.t.3.MR0.t.5.DR0.t.4.ER0..;1.MR0..'1.LR0.OR1..R0...8.NR0...0.NR0.....NR0...2.NR0.RichOR0.........................PE..d....?.a.........." ................p ....................................................`.........................................@=..X....=...............`.......................7...............................7...............0..P............................text...c........................... ..`.rdata..n....0......."..............@..@.data...X....P.......:..............@....pdata.......`.......@..............@..@.gfids.......p.......D..............@..@.rsrc................F..............@..@.reloc...............H..............@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\pygame\transform.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):52224
                  Entropy (8bit):6.234819540381457
                  Encrypted:false
                  SSDEEP:768:wLoLurPrJgIlzKqZIyqcerwMpdF6YBf1JmXyEq9D2/rfC2:sgIzpZIierwIdF11k1IETC2
                  MD5:CE4431CB9C2FE33DB084795432AFF22B
                  SHA1:528E900BAE5C96B37D25B87694B0B29F76FE7758
                  SHA-256:54E8B3D2BBB7868202571989F982037F02BC48917AE72F6EB86A3B4BB37B831D
                  SHA-512:590B8E380F9C05D8E0AD4FC70D3834DD590E6CF1F22C35BB96E8ABF8A175FFA8B8C96F87F7AE7AA90FE8905B57D3194C9EBFF2F994E3347F223E664B68FAD589
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mgCE...E...E...Lt..C...~R..G....d..G...~R..G...~R..N...~R..O....e..G....y..F...E........R..F...E...D....R..D....R..D....R..D...RichE...................PE..d....?.a.........." .........@......p........................................ ............`.........................................@...`.......................D...................`................................................................................text............................... ..`.rdata...'.......(..................@..@.data...............................@....pdata..D...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python3.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):58896
                  Entropy (8bit):5.843378110040134
                  Encrypted:false
                  SSDEEP:768:1iUuRp9VpBLm6g5YuLIE4k8kF/DFz1OuIwfBSCciqy0oeDOm+rENdI8V0eWDG4yv:n5gOqdI8V0jyv
                  MD5:274853E19235D411A751A750C54B9893
                  SHA1:97BD15688B549CD5DBF49597AF508C72679385AF
                  SHA-256:D21EB0FD1B2883E9E0B736B43CBBEF9DFA89E31FEE4D32AF9AD52C3F0484987B
                  SHA-512:580FA23CBE71AE4970A608C8D1AB88FE3F7562ED18398C73B14D5A3E008EA77DF3E38ABF97C12512786391EE403F675A219FBF5AFE5C8CEA004941B1D1D02A48
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5H..q)d.q)d.q)d..wl.p)d..wd.p)d..w..p)d..wf.p)d.Richq)d.........PE..d...m.:_.........." ................................................................g.....`.........................................` ............................................... ..T............................................................................text............................... ..`.rdata...... ......................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\python37.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):3750416
                  Entropy (8bit):6.384383088490926
                  Encrypted:false
                  SSDEEP:49152:KjVpkcACTIK0IKhyn9iafAdH1ZRHLqUCbNSuvYVeP84mzIAA5H0LMznZPMXT7p31:3CTIdKI7UWu4cAgHCMzqNOyVB
                  MD5:C4709F84E6CF6E082B80C80B87ABE551
                  SHA1:C0C55B229722F7F2010D34E26857DF640182F796
                  SHA-256:CA8E39F2B1D277B0A24A43B5B8EADA5BAF2DE97488F7EF2484014DF6E270B3F3
                  SHA-512:E04A5832B9F2E1E53BA096E011367D46E6710389967FA7014A0E2D4A6CE6FC8D09D0CE20CEE7E7D67D5057D37854EDDAB48BEF7DF1767F2EC3A4AB91475B7CE4
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........k.y...y...y.......y...'...y......y...'...y...'...y...'...y.......y...y...x..,'..Fy..,'...y..,'...y..,'...y..Rich.y..........................PE..d...c.:_.........." .....8.... .....D.........................................<.......9...`.........................................p....... ?/.|.....;.......9..w... 9.......;..q......T........................... ................P..0............................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data....z...p/......P/.............@....pdata...w....9..x...(7.............@..@.gfids.......p;.......8.............@..@.rsrc.........;.......8.............@..@.reloc...q....;..r....8.............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5core.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):6023664
                  Entropy (8bit):6.768988071491288
                  Encrypted:false
                  SSDEEP:98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
                  MD5:817520432A42EFA345B2D97F5C24510E
                  SHA1:FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
                  SHA-256:8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
                  SHA-512:8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
                  Malicious:false
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......D.............................UJ......................................................W.....,..................r....................Rich............PE..d...;._.........." ..........-.......-......................................`\.....x.\...`...........................................L..O....T...... \.......U.. ....[......0\..%..,.H.T.....................H.(.....H.0............./.H............................text............................... ..`.rdata..F7%.../..8%.................@..@.data...x....PT..\...6T.............@....pdata... ....U.."....T.............@..@.qtmimed.....0W.......V.............@..P.rsrc........ \.......[.............@..@.reloc...%...0\..&....[.............@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5dbus.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):436720
                  Entropy (8bit):6.392610185061176
                  Encrypted:false
                  SSDEEP:6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
                  MD5:0E8FF02D971B61B5D2DD1AC4DF01AE4A
                  SHA1:638F0B46730884FA036900649F69F3021557E2FE
                  SHA-256:1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
                  SHA-512:7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..*..*..*.....*...+..*.../..*.......*...)..*...+..*.O.+..*..+...*.O./..*.O.*..*.O....*.....*.O.(..*.Rich.*.........................PE..d...]._.........." .....\...<.......\..............................................K.....`..........................................h..to...................`...Q..............4.......T.......................(...`...0............p...............................text...yZ.......\.................. ..`.rdata..0....p.......`..............@..@.data...X....@......."..............@....pdata...Q...`...R...2..............@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5gui.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):7008240
                  Entropy (8bit):6.674290383197779
                  Encrypted:false
                  SSDEEP:49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
                  MD5:47307A1E2E9987AB422F09771D590FF1
                  SHA1:0DFC3A947E56C749A75F921F4A850A3DCBF04248
                  SHA-256:5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
                  SHA-512:21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
                  Malicious:false
                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......QH^~.)0-.)0-.)0-.Q.-.)0-...-.)0-.F4,.)0-.F3,.)0-.F5,.)0-.F1,.)0-.Y1,.)0-.B5,.)0-.B1,.)0-.)1-m,0-.Y4,.)0-.Y5,|(0-.Y0,.)0-.Y.-.)0-.).-.)0-.Y2,.)0-Rich.)0-................PE..d....._.........." ......?...+.....X.?.......................................k.....R.k...`.........................................pKK.....d.e.|....`k.......g.......j......pk..6....F.T................... .F.(.....F.0.............?.p+...........................text...2.?.......?................. ..`.rdata...z&...?..|&...?.............@..@.data....o... f.......f.............@....pdata........g.......f.............@..@.rsrc........`k.......j.............@..@.reloc...6...pk..8....j.............@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5multimedia.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):746480
                  Entropy (8bit):6.260644163524817
                  Encrypted:false
                  SSDEEP:6144:jLIJMPFfMerCs1uXdHbbbboLxywnY9jnvQz5dm9mMhI/p5PQCf3FR19EjqD0jKds:j+MPFfMervUXzYeg/mR4G
                  MD5:01DF79071F9DA0B9B7BDA3DB7FDC8809
                  SHA1:6944ACC06F8691A27AA0833D29F0389F0E036BF0
                  SHA-256:1A59AE2A9FF768AD6BFB888FE3DD2544E238F0B28DA83CF375EBD803CE713DC4
                  SHA-512:486D3F93E56AB50E0C9937E3472762946AFDBB28279818D42081F5784F3AF2DF6D55253D4CF4839601058DCEFB5E543144B91B4572BED96CA9926A0A2AFE5711
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q..Q..Q..X.&.Y..E...S.....D.....Y.....U.....U.....V..Q.......$.....P...J.P..Q.".P.....P..RichQ..........PE..d...2.._.........." ...............................................................{.....`.................................................@8.......`..............H.......p.......^..T...................P`..(... _..0...............X............................text...R........................... ..`.rdata..............................@..@.data....3.......(...|..............@....pdata.............................@..@.rsrc........`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5network.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1340400
                  Entropy (8bit):6.41486755163134
                  Encrypted:false
                  SSDEEP:24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
                  MD5:3569693D5BAE82854DE1D88F86C33184
                  SHA1:1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
                  SHA-256:4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
                  SHA-512:E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
                  Malicious:false
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Yt..7'..7'..7'...'..7'..3&..7'}.3&..7'}.4&..7'}.2&..7'}.6&..7'..6&..7'0.6&..7'..6'c.7'0.2&2.7'0.7&..7'0..'..7'...'..7'0.5&..7'Rich..7'........................PE..d....._.........." .................................................................c....`......................................... ....n..,...h....................X..........,.......T...................p...(...@...0............................................text...C........................... ..`.rdata...g.......h..................@..@.data...XN...@...2... ..............@....pdata...............R..............@..@.rsrc................>..............@..@.reloc..,............D..............@..B................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5printsupport.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):317424
                  Entropy (8bit):6.4458228745525155
                  Encrypted:false
                  SSDEEP:6144:809B+97t6UOTX3jrhVzgUA2GqWss4G+1gr7pGZmS0bZqXxtUPNs+5o/83+G2jW7:80v4p6UOjzQR0W7
                  MD5:61AC08D0E73555352714FF9044130C52
                  SHA1:F5FEE2811236640821A2C18C9E2EAADD509C6E62
                  SHA-256:783D4F1FEB8DC0BC00ACB8C094D6C1AB39AC6B5858874E60DD3D45677AF4307A
                  SHA-512:6ABDBFE5FFBD5C1C1204EDBFCC47F6B1072AA6A5B229901FE9B22CD2E193E7C963C62B8AC3CABEC6467D2440EADDD47214D8F98A06E885822314B98BBCFC2BDE
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Z]..;3.;3.;3.C..;3.JT2.;3.JT6.;3.JT7.;3.JT0.;3.P2.;3..K2.;3.;2.?3..K6.;3..K3.;3..K..;3.;..;3..K1.;3.Rich.;3.........................PE..d...4._.........." .................................................................(....`.........................................0=...q.......................&..............L.......T.......................(...`...0...............( ...........................text...O........................... ..`.rdata.............................@..@.data................p..............@....pdata...&.......(..................@..@.rsrc...............................@..@.reloc..L...........................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qml.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):3591664
                  Entropy (8bit):6.333693598000157
                  Encrypted:false
                  SSDEEP:98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
                  MD5:D055566B5168D7B1D4E307C41CE47C4B
                  SHA1:043C0056E9951DA79EC94A66A784972532DC18EF
                  SHA-256:30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
                  SHA-512:4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.4...Z...Z...Z......Z..^...Z..Y...Z.._...Z..[...Z...[...Z...[...Z...[...Z..._...Z...Z...Z.......Z......Z...X...Z.Rich..Z.........PE..d......_.........." .....^$..........O$.......................................7.....}.7...`...........................................,......2.......6.......4. .....6.......6..J....).T.....................).(...p.).0............p$..%...........................text....\$......^$................. ..`.rdata......p$......b$.............@..@.data.........3..n....2.............@....pdata.. .....4......l4.............@..@.rsrc.........6......`6.............@..@.reloc...J....6..L...f6.............@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5qmlmodels.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):438768
                  Entropy (8bit):6.312090336793804
                  Encrypted:false
                  SSDEEP:6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
                  MD5:2030C4177B499E6118BE5B9E5761FCE1
                  SHA1:050D0E67C4AA890C80F46CF615431004F2F4F8FC
                  SHA-256:51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
                  SHA-512:488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...5.H.4...(...>.......*.......4.......8.......8......9...<...g....../......=....$.=...<.L.=......=...Rich<...................PE..d...M.._.........." .....(...r......d+..............................................MF....`.........................................0E...^..0................`.. F..................H...T.......................(.......0............@...............................text...N&.......(.................. ..`.rdata.......@.......,..............@..@.data...x/...0...(..................@....pdata.. F...`...H...>..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5quick.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):4148720
                  Entropy (8bit):6.462183686222023
                  Encrypted:false
                  SSDEEP:49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
                  MD5:65F59CFC0C1C060CE20D3B9CEFFBAF46
                  SHA1:CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
                  SHA-256:C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
                  SHA-512:D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!Fvge'.4e'.4e'.4l_.4i'.4.H.5m'.4.H.5a'.4.H.5|'.4.H.5c'.4.W.5o'.4qL.5`'.4e'.4.,.4.W.5.'.4.W.5d'.4.W.4d'.4e'.4d'.4.W.5d'.4Riche'.4........................PE..d......_.........." ......%..B......L.$.......................................?.......?...`.........................................0)2.P.....8.T.....>.......<..^...2?.......?.py......T.......................(.......0............ %..\...........................text.....%.......%................. ..`.rdata....... %.......%.............@..@.data....I...@;..2... ;.............@....pdata...^....<..`...R<.............@..@.rsrc.........>.......>.............@..@.reloc..py....?..z....>.............@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5svg.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):330736
                  Entropy (8bit):6.381828869454302
                  Encrypted:false
                  SSDEEP:6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
                  MD5:03761F923E52A7269A6E3A7452F6BE93
                  SHA1:2CE53C424336BCC8047E10FA79CE9BCE14059C50
                  SHA-256:7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
                  SHA-512:DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............_._._..*_._,.^._..^._,.^._,.^._,.^._a.^._._=.._a.^._a.^._a.F_._.._._a.^._Rich._................PE..d......_.........." .........................................................@.......^....`.................................................((....... ...........0...........0..H...xL..T....................N..(....L..0............................................text............................... ..`.rdata..p...........................@..@.data...8...........................@....pdata...0.......2..................@..@.rsrc........ ......................@..@.reloc..H....0......................@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5websockets.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):149488
                  Entropy (8bit):6.116105454277536
                  Encrypted:false
                  SSDEEP:3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
                  MD5:A016545F963548E0F37885E07EF945C7
                  SHA1:CBE499E53AB0BD2DA21018F4E2092E33560C846F
                  SHA-256:6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
                  SHA-512:47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'`.CF.KCF.KCF.KJ>.KGF.K.).JAF.KW-.JAF.K.).JVF.K.).JKF.K.).J@F.K.6.JFF.KCF.K.G.K.6.JPF.K.6.JBF.K.6.KBF.KCF.KBF.K.6.JBF.KRichCF.K........................PE..d......_.........." .....$..........t(.......................................p.......5....`............................................."..l........P.......0.......,.......`..L...hw..T....................x..(....w..0............@...............................text....".......$.................. ..`.rdata..z....@.......(..............@..@.data...x...........................@....pdata.......0......................@..@.rsrc........P......."..............@..@.reloc..L....`.......(..............@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\qt5widgets.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):5498352
                  Entropy (8bit):6.619117060971844
                  Encrypted:false
                  SSDEEP:49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
                  MD5:4CD1F8FDCD617932DB131C3688845EA8
                  SHA1:B090ED884B07D2D98747141AEFD25590B8B254F9
                  SHA-256:3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
                  SHA-512:7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x..................I.......I.......I.......I...........................................9.................................Rich............PE..d....._.........." ......3..P .......3.......................................T......MT...`.........................................0.D.P^....L.h....pS......0P..8....S.......S.d.....?.T...................`.?.(...0.?.0.............3.._...........................text.....3.......3................. ..`.rdata..8.....3.......3.............@..@.data.........O......dO.............@....pdata...8...0P..:....O.............@..@.rsrc........pS......4S.............@..@.reloc..d.....S......:S.............@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):2227712
                  Entropy (8bit):6.1101676126491045
                  Encrypted:false
                  SSDEEP:49152:otGVV4xwK5c4rvVO2ard4oZut2BRcfcK:f4GrBGc
                  MD5:2F4A57E7A4FF7F6EE01BB07D77D89EBC
                  SHA1:A03DE0DFD9C94170559097C5D15EF10E1E1AD8C7
                  SHA-256:F34CD90B131CEB45B7F32D41680A13FD4B13E5F48F0D1649CBF441833105310C
                  SHA-512:4633E946F6CBEA72B3DD4280BE44279565ED50C36DDD5CEF1498975A3FBDA51FD4EE5A6F54C2D249520AF3B8F4161DAA890C90DC831678B2B6C4BB1A969E91FE
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...%......!..0..u.........Gk..............................".....1\"...`... .......................................!..\...."..-...`"....... ..............p".4...............................(...................|.".x............................text...X...........................`..`.data....Y.......Z..................@....rdata..@....0......................@..@.pdata........ .....................@..@.xdata..L..... ....... .............@..@.bss....P/....!..........................edata...\....!..^...N!.............@..@.idata...-....".......!.............@....CRT....X....@".......!.............@....tls.........P".......!.............@....rsrc........`".......!.............@....reloc..4....p".......!.............@..B................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_image.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):125440
                  Entropy (8bit):6.248060009482749
                  Encrypted:false
                  SSDEEP:3072:6bsejIuO504fzsOM05Nmy7iGpJ7SvFisgf:6bmX0qQOhmyPs
                  MD5:B8D249A5E394B4E6A954C557AF1B80E6
                  SHA1:B03BB9D09447114A018110BFB91D56EF8D5EC3BB
                  SHA-256:1E364AF75FEE0C83506FBDFD4D5B0E386C4E9C6A33DDBDDAC61DDB131E360194
                  SHA-512:2F2E248C3963711F1A9F5D8BAEA5B8527D1DF1748CD7E33BF898A380AE748F7A65629438711FF9A5343E64762EC0B5DC478CDF19FBF7111DAC9D11A8427E0007
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...........................j.............................p.......V........ .........................................P.... ..L....P..8.......x............`.............................. @..(...................h#...............................text...............................`.P`.data...............................@.`..rdata...&.......(..................@.`@.pdata..x...........................@.0@.xdata..............................@.0@.bss..................................`..edata..P...........................@.0@.idata..L.... ......................@.0..CRT....X....0......................@.@..tls....h....@......................@.`..rsrc...8....P......................@.0..reloc.......`......................@.0B................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_mixer.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):123904
                  Entropy (8bit):6.31428829821482
                  Encrypted:false
                  SSDEEP:3072:GeCtxSl2NCjItkjr2tXYsxSfbWO1i9ssFo2Bm:GeCtslnsw2YsxSZ1KssFo2B
                  MD5:8668D84320ACEE48BC64D080DD66A403
                  SHA1:1D61D908BFA16CE80E8947100C5F3F936B579C44
                  SHA-256:900EEB69B67266946F541BC6DA5460E6CB9ED4F92816A1710A84625AD123808C
                  SHA-512:53A57A3619425ABEF718ABF9836E9980C42F4130AFA1D7875C4AD5BD5333A4D02D8DB8F274619E6932C2A4A8F46A8AB1C56AFF8F7AF4B2536873ECEBE13C6D93
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....V.....................g.............................................. .............................................. .......`..8....... ............p..4........................... P..(....................#...............................text....T.......V..................`.P`.data........p.......Z..............@.`..rdata...=.......>...`..............@.`@.pdata.. ...........................@.0@.xdata..L...........................@.0@.bss..................................`..edata..............................@.0@.idata....... ......................@.0..CRT....X....@......................@.@..tls....h....P......................@.`..rsrc...8....`......................@.0..reloc..4....p......................@.0B................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\sdl2_ttf.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):33792
                  Entropy (8bit):5.651428871159069
                  Encrypted:false
                  SSDEEP:768:ch6nyBqTviPRGTSJuhrLSA9JT1vZgZDAMABz1w:U6yBqeITSm9HW7F
                  MD5:14E57C1868EFC1FB2E4787754E233364
                  SHA1:09158212CAF3F7F18E3C5AE65EEE4F7A7796CB62
                  SHA-256:507DC8A977D543B3E06BD3FCE41F5759D64B2B21AE829CD2EF41B77BF66968C4
                  SHA-512:83C0C9E444888D837B95B687E127C0C82FB177A712442DC4303E9D03B837941787449804EFB8A75A3489CCBDB9165BFEC7F99773CAB819B6B14CAC19EB37752C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....P.....................q............................................. .........................................................(.......................h........................... ...(.......................p............................text....O.......P..................`.P`.data...P....`.......T..............@.P..rdata.. ....p.......V..............@.P@.pdata...............^..............@.0@.xdata...............d..............@.0@.bss....0.............................`..edata...............h..............@.0@.idata...............n..............@.0..CRT....X............z..............@.@..tls....h............|..............@.`..rsrc...(............~..............@.0..reloc..h...........................@.0B................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\select.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):27152
                  Entropy (8bit):6.048170705523046
                  Encrypted:false
                  SSDEEP:384:FekE2XR1G6sOhmQI2HTRcqJcE99qT3dI8qGvnYPLxDG4y8Z6K9:F9csXHN/d9qT3dI8qGvWDG4yM
                  MD5:FB4A0D7ABAEAA76676846AD0F08FEFA5
                  SHA1:755FD998215511506EDD2C5C52807B46CA9393B2
                  SHA-256:65A3C8806D456E9DF2211051ED808A087A96C94D38E23D43121AC120B4D36429
                  SHA-512:F5B3557F823EE4C662F2C9B7ECC5497934712E046AA8AE8E625F41756BEB5E524227355316F9145BFABB89B0F6F93A1F37FA94751A66C344C38CE449E879D35F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i...`.e.k...R...k...R...j...R...c...R...c......k...2...l...i...R......h......h......h......h...Richi...........................PE..d...v.:_.........." .........4.......................................................C....`.........................................0:..L...|:..x............`.......P..........,....3..T...........................`3...............0...............................text............................... ..`.rdata.......0......."..............@..@.data........P.......6..............@....pdata.......`.......<..............@..@.gfids.......p.......@..............@..@.rsrc................B..............@..@.reloc..,............N..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\ssleay32.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):361984
                  Entropy (8bit):6.122702766666827
                  Encrypted:false
                  SSDEEP:6144:40HTL9wWNf4yMpLc5AdAZSNSxKqpZfyxDEagXPwkqHSu7miSOKIDermsP8CyjzLI:40HTL9wWNf/Mpg5AdAZSNUh/fyxDEagt
                  MD5:9DAAB52CECB3107A84062E3FA94945A3
                  SHA1:FB8C63FC1E9203915BE82442269A2A63F3D38916
                  SHA-256:A62510849ADECDA090F53A132BE49DAA3ACD92B4EACB02D0464F62C06D655AF6
                  SHA-512:75F096A146C3E75B2886149E8684E374560DB884256276D2D11B9DB09C78C99EAAC7227A888E7B282A03C2002765F0EF97DA19CD2789C6B6D566E79580E59A24
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..h...;...;...;..U;...;K..:...;v..:...;K..:...;K..:...;K..:...;...:...;...;...;...:+..;...:...;..9;...;...:...;Rich...;........................PE..d...N..].........." .....................................................................`.........................................P'...)...P..........H....p..@&.................. ...T...............................................@............................text............................... ..`.rdata..............................@..@.data........p.......X..............@....pdata..@&...p...(...J..............@..@.rsrc...H............r..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):22602752
                  Entropy (8bit):6.416901024594742
                  Encrypted:false
                  SSDEEP:98304:7lGnit2d4bS4AxCOjmu/uDv08cl9rvTQEO/yocBeaQGbYw5atLgatF4+95Bgw6cq:uEu4AhruL0t/2/34eU5ujtF4+udl
                  MD5:D735279B3606F59AAD13FAB2AA9E9CD5
                  SHA1:1DDA8FA756C9A706CC2CD7B72593302346094529
                  SHA-256:E19E7629BACED5112011C8700999901DB780083DA2BCD4D35C946BF43CC19474
                  SHA-512:A8C91E67651B82B3148280D60CF47CF823323A15EF4D5376EFE0ABD18F650ECEF1E599A1214452A55ED9529EE3666128C57606D13FA9E28E7C1411E741EB162F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........]...3...3...3...0...3...6.s.3...7...3.....3..6...3..7...3..0...3.K.2...3...2...3...2.q.3..p:...3..p1...3.Rich..3.........PE..d.....mf.........."....%......................@.............................._...........`.................................................|K..<.......$...p..P............`_.p....k...............................i..@............ ...............................text............................... ..`.rdata..4U... ...V..................@..@.data...(............h..............@....pdata..P....p......................@..@_RDATA..\....p......................@..@.rsrc...$.........................@..@.reloc..p....`_.......X.............@..B........................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\tcl86t.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1705120
                  Entropy (8bit):6.496511987047776
                  Encrypted:false
                  SSDEEP:24576:umJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwQDlaTR:umJTd4iMwXH7oZgKb++BVL4B+GITgr0h
                  MD5:C0B23815701DBAE2A359CB8ADB9AE730
                  SHA1:5BE6736B645ED12E97B9462B77E5A43482673D90
                  SHA-256:F650D6BC321BCDA3FC3AC3DEC3AC4E473FB0B7B68B6C948581BCFC54653E6768
                  SHA-512:ED60384E95BE8EA5930994DB8527168F78573F8A277F8D21C089F0018CD3B9906DA764ED6FCC1BD4EFAD009557645E206FBB4E5BAEF9AB4B2E3C8BB5C3B5D725
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k)...GD..GD..GD.bFE..GD9..D..GD.bDE..GD.bBE..GD.bCE..GD.r.D..GD.jAE..GD.jFE..GD..FD..GD.bOE..GD.bGE..GD.b.D..GD.bEE..GDRich..GD........PE..d......\.........." .....d..........0h.......................................@.......b....`..........................................p..._......T.......0.... ............... .......<...............................=...............................................text....b.......d.................. ..`.rdata...k.......l...h..............@..@.data...."..........................@....pdata....... ......................@..@.rsrc...0...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\tk86t.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1468064
                  Entropy (8bit):6.165850680457804
                  Encrypted:false
                  SSDEEP:24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/
                  MD5:FDC8A5D96F9576BD70AA1CADC2F21748
                  SHA1:BAE145525A18CE7E5BC69C5F43C6044DE7B6E004
                  SHA-256:1A6D0871BE2FA7153DE22BE008A20A5257B721657E6D4B24DA8B1F940345D0D5
                  SHA-512:816ADA61C1FD941D10E6BB4350BAA77F520E2476058249B269802BE826BAB294A9C18EDC5D590F5ED6F8DAFED502AB7FFB29DB2F44292CB5BEDF2F5FA609F49C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................B................R..................Rich..................PE..d......\.........." .........J......@........................................p.......f....`.............................................@@..P>..|........{......,....L.......0...?..`................................................ ..P............................text...c........................... ..`.rdata...?... ...@..................@..@.data........`.......N..............@....pdata..,...........................@..@.rsrc....{.......|..................@..@.reloc...?...0...@..................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\unicodedata.pyd

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1073680
                  Entropy (8bit):5.327852618149687
                  Encrypted:false
                  SSDEEP:12288:ge+YbeoEYa6l0SYxytHcQJJwEI+V/IFx7agsSJNzkRoEVnOPmrZ6bK:ge+BN6axoc1r+VUx7agnNctOo6K
                  MD5:4D3D8E16E98558FF9DAC8FC7061E2759
                  SHA1:C918AB67B580F955B6361F9900930DA38CEC7C91
                  SHA-256:016D962782BEAE0EA8417A17E67956B27610F4565CFF71DD35A6E52AB187C095
                  SHA-512:0DFABFAD969DA806BC9C6C664CDF31647D89951832FF7E4E5EEED81F1DE9263ED71BDDEFF76EBB8E47D6248AD4F832CB8AD456F11E401C3481674BD60283991A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........VQx..Qx..Qx..X.O.Wx..j&..Sx..j&..Sx..j&..Zx..j&..[x...&..Rx......Sx..Qx...x...&..Px...&..Px...&#.Px...&..Px..RichQx..........................PE..d...w.:_.........." .....@..........h5....................................................`..........................................b..X...Hc.......p.......P..X....H..............`u..T............................u...............P..8............................text...Q?.......@.................. ..`.rdata.......P.......D..............@..@.data........p.......`..............@....pdata..X....P......................@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............F..............@..B........................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):87864
                  Entropy (8bit):6.50974924823557
                  Encrypted:false
                  SSDEEP:1536:JiOTTyNdd/mqN5fomseOpLJ5UP4nVnWecbtGgcNZVKL:JD4Vzgh5UXecbt2ju
                  MD5:89A24C66E7A522F1E0016B1D0B4316DC
                  SHA1:5340DD64CFE26E3D5F68F7ED344C4FD96FBD0D42
                  SHA-256:3096CAFB6A21B6D28CF4FE2DD85814F599412C0FE1EF090DD08D1C03AFFE9AB6
                  SHA-512:E88E0459744A950829CD508A93E2EF0061293AB32FACD9D8951686CBE271B34460EFD159FD8EC4AA96FF8A629741006458B166E5CFF21F35D049AD059BC56A1A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).uym~.*m~.*m~.*...*o~.*d..*f~.*m~.*F~.*V .+n~.*V .+g~.*V .+f~.*V .+s~.*V .+l~.*V .*l~.*V .+l~.*Richm~.*........PE..d....Z.........." .........T......@........................................p......m.....`A........................................0...4...d........P.......0..........8?...`..p...p...8............................................................................text...'........................... ..`.rdata..f5.......6..................@..@.data........ ......................@....pdata.......0......................@..@_RDATA.......@......................@..@.rsrc........P......................@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\vcruntime140_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):44528
                  Entropy (8bit):6.627837381503075
                  Encrypted:false
                  SSDEEP:384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
                  MD5:6BC084255A5E9EB8DF2BCD75B4CD0777
                  SHA1:CF071AD4E512CD934028F005CABE06384A3954B6
                  SHA-256:1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
                  SHA-512:B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .S.A...A...A..0.m..A..O....A...9...A...A...A..O....A..O....A..O....A..O....A..O.}..A..O....A..Rich.A..................PE..d.....t^.........." .....:...4......pA...............................................Z....`A.........................................j......|k..x....................l...A......8....b..8...........................@b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\zlib1.dll

                  Download File
                  Process:C:\Users\user\Desktop\apt66ext.log.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):108544
                  Entropy (8bit):6.422076432206121
                  Encrypted:false
                  SSDEEP:3072:wLmjK8n5MYk+NqZSB23eRenGvTBfs9Yy0J:wLl8n5MYCjFnaTBwYy0
                  MD5:5EAC41B641E813F2A887C25E7C87A02E
                  SHA1:EC3F6CF88711EF8CFB3CC439CB75471A2BB9E1B5
                  SHA-256:B1F58A17F3BFD55523E7BEF685ACF5B32D1C2A6F25ABDCD442681266FD26AB08
                  SHA-512:CAD34A495F1D67C4D79ED88C5C52CF9F2D724A1748EE92518B8ECE4E8F2FE1D443DFE93FB9DBA8959C0E44C7973AF41EB1471507AB8A5B1200A25D75287D5DE5
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....&.....................b.............................@................ .........................................|.......x.... .......................0.............................. ...(....................................................text....%.......&..................`.P`.data...P....@.......*..............@.P..rdata...Q...P...R...,..............@.`@.pdata...............~..............@.0@.xdata..l...........................@.0@.bss..................................`..edata..|...........................@.0@.idata..x...........................@.0..CRT....X...........................@.@..tls....h...........................@.`..rsrc........ ......................@.0..reloc.......0......................@.0B................................................................................................................................

                  \Device\Null

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.156721778700509
                  Encrypted:false
                  SSDEEP:6:fFN3vPINwkn23fARBA6RNwkn23fARBAmGwq5MtfrDRd+rg:f7f4sf4Iwq5obn
                  MD5:DE027C8AC18269DAF2B284463324BE83
                  SHA1:FAF53E7F87F094B2962E7482FEE7DF7DA2A1BC8A
                  SHA-256:73C0B7807F591B87D3337E5E10543E58189B100586E73B717D724844FCC092A0
                  SHA-512:1BE57A4B0213191B3C6C0040D30B21FA41902ECC74DED81CB57BCDED56A1B20B0C4F1BF5EDD4E918345879C325C36A4118F41AE7C8983E880C020A3A1A1D05E1
                  Malicious:false
                  Preview:Traceback (most recent call last):.. File "C:\Users\user\AppData\Local\Temp\ONEFIL~1\staged_out.py", line 42, in <module>.. File "C:\Users\user\AppData\Local\Temp\ONEFIL~1\staged_out.py", line 9, in extract_bytes2..FileNotFoundError: [Errno 2] No such file or directory: 'image1.jpg'..

                  Static File Info

                  General

                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                  Entropy (8bit):7.998533737468859
                  TrID:
                  • Win64 Executable GUI (202006/5) 92.65%
                  • Win64 Executable (generic) (12005/4) 5.51%
                  • Generic Win/DOS Executable (2004/3) 0.92%
                  • DOS Executable Generic (2002/1) 0.92%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:apt66ext.log.exe
                  File size:55'675'088 bytes
                  MD5:494a19dc7e5eaa0e516ece245d2661de
                  SHA1:37e1a6a7b9c2f85d563bfa44aabcabc26fd00fb5
                  SHA256:7ff47dce0ad262f4c0818170213a2a5c97b098258f5b2e85b3df5a48eed05183
                  SHA512:180fdb170b68399c563c1de6c290a9b365f32c484ff53e16d4edbf967cd4fa9d8d50b45ab87afd6f1e9b670240d640da683a7e3e657ed22bd648d385624ec06a
                  SSDEEP:1572864:bVxMP+5vwyPlqv4QvVWKZeIw3UzwKxy27PXHB:bVCCwy9uVPw3U0KxyAPXh
                  TLSH:80C73345B5E059A3DC7A0A3C6B822756D7774F24137AF57A12ADEFA53F2B2C00A03391
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...x...x...x...3...~...3.......3...r...m.x.y...m...P...m...h...m...q...3.......x.......NY..y...NY..y...Richx..................

                  File Icon

                  Icon Hash:90cececece8e8eb0

                  Static PE Info

                  General

                  Entrypoint:0x14000b9d4
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x140000000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Time Stamp:0x666DFEC3 [Sat Jun 15 20:51:15 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:0
                  File Version Major:6
                  File Version Minor:0
                  Subsystem Version Major:6
                  Subsystem Version Minor:0
                  Import Hash:ac0e09d0c87fe7a2b9c519b9d03a9c4c

                  Entrypoint Preview

                  Instruction
                  dec eax
                  sub esp, 28h
                  call 00007F6F6CBA9AC0h
                  dec eax
                  add esp, 28h
                  jmp 00007F6F6CBA96DFh
                  int3
                  int3
                  dec eax
                  sub esp, 28h
                  call 00007F6F6CBAA040h
                  test eax, eax
                  je 00007F6F6CBA9883h
                  dec eax
                  mov eax, dword ptr [00000030h]
                  dec eax
                  mov ecx, dword ptr [eax+08h]
                  jmp 00007F6F6CBA9867h
                  dec eax
                  cmp ecx, eax
                  je 00007F6F6CBA9876h
                  xor eax, eax
                  dec eax
                  cmpxchg dword ptr [00023624h], ecx
                  jne 00007F6F6CBA9850h
                  xor al, al
                  dec eax
                  add esp, 28h
                  ret
                  mov al, 01h
                  jmp 00007F6F6CBA9859h
                  int3
                  int3
                  int3
                  inc eax
                  push ebx
                  dec eax
                  sub esp, 20h
                  movzx eax, byte ptr [0002360Fh]
                  test ecx, ecx
                  mov ebx, 00000001h
                  cmove eax, ebx
                  mov byte ptr [000235FFh], al
                  call 00007F6F6CBA9E3Fh
                  call 00007F6F6CBAA1F2h
                  test al, al
                  jne 00007F6F6CBA9866h
                  xor al, al
                  jmp 00007F6F6CBA9876h
                  call 00007F6F6CBB213Dh
                  test al, al
                  jne 00007F6F6CBA986Bh
                  xor ecx, ecx
                  call 00007F6F6CBAA202h
                  jmp 00007F6F6CBA984Ch
                  mov al, bl
                  dec eax
                  add esp, 20h
                  pop ebx
                  ret
                  int3
                  int3
                  int3
                  inc eax
                  push ebx
                  dec eax
                  sub esp, 20h
                  cmp byte ptr [000235C4h], 00000000h
                  mov ebx, ecx
                  jne 00007F6F6CBA98C9h
                  cmp ecx, 01h
                  jnbe 00007F6F6CBA98CCh
                  call 00007F6F6CBA9FA6h
                  test eax, eax
                  je 00007F6F6CBA988Ah
                  test ebx, ebx
                  jne 00007F6F6CBA9886h
                  dec eax
                  lea ecx, dword ptr [000235AEh]
                  call 00007F6F6CBA995Ah

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x2c6d40x50.rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x420000x650.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x3f0000x17ac.pdata
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x430000x688.reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x2a6e00x1c.rdata
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2a5a00x140.rdata
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x210000x2e0.rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000x1f3c00x1f400c7d29c2b9e87232d702678fef015b4e0False0.5670234375data6.515564388042751IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata0x210000xc0a20xc2004bfa551f9c945e1c21fad8200ec36ae9False0.45636678479381443data4.958008746434117IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data0x2e0000x10e200xc007efb5e45c6396e8e72c035a72454c779False0.13834635416666666data1.9365092737279315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .pdata0x3f0000x17ac0x1800eabc79cf61614335abee2595bf6febe1False0.4845377604166667PEX Binary Archive5.238277906459359IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  _RDATA0x410000x15c0x2000e298e939cd8ebce21635f36fc348f7fFalse0.38671875data2.7705155368720655IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .rsrc0x420000x6500x800a48f91de4ba9dfaca9acc9ee41ed9281False0.3662109375data5.049078041128307IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc0x430000x6880x800258f86e1560af5f605f5562e4e0b7884False0.51123046875data4.9284885046123845IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountryZLIB Complexity
                  RT_VERSION0x420a00x270data0.4567307692307692
                  RT_MANIFEST0x423100x33dASCII text, with very long lines (829), with no line terminators0.4873341375150784

                  Imports

                  DLLImport
                  SHELL32.dllSHFileOperationW, SHGetFolderPathW
                  imagehlp.dllUnMapAndLoad, MapAndLoad
                  KERNEL32.dllTlsFree, WriteConsoleW, HeapReAlloc, HeapSize, SetFilePointerEx, CreateDirectoryW, ReadFile, SetConsoleCtrlHandler, GetCommandLineW, WriteFile, GetShortPathNameW, GetModuleFileNameW, GetProcessId, SetFilePointer, GetTempPathW, WaitForSingleObject, CreateFileW, GetLastError, CloseHandle, SetEnvironmentVariableA, GetCurrentProcessId, CreateProcessW, GetSystemTimeAsFileTime, FormatMessageA, GenerateConsoleCtrlEvent, GetExitCodeProcess, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, GetFileSizeEx, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetStdHandle, HeapAlloc, MultiByteToWideChar, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetFileType, WideCharToMultiByte, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode

                  Network Behavior

                  No network behavior found

                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:00:45:03
                  Start date:05/07/2024
                  Path:C:\Users\user\Desktop\apt66ext.log.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\apt66ext.log.exe"
                  Imagebase:0x7ff7613f0000
                  File size:55'675'088 bytes
                  MD5 hash:494A19DC7E5EAA0E516ECE245D2661DE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  General

                  Target ID:1
                  Start time:00:45:11
                  Start date:05/07/2024
                  Path:C:\Users\user\AppData\Local\Temp\onefile_7328_133646283031458294\staged_out.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\apt66ext.log.exe"
                  Imagebase:0x7ff67d9d0000
                  File size:22'602'752 bytes
                  MD5 hash:D735279B3606F59AAD13FAB2AA9E9CD5
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Disassembly

                  Reset < >

                    Executed Functions

                    Function 00007FF7613FAC90 Relevance: 79.3, APIs: 30, Strings: 15, Instructions: 531filewindowCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: File$ErrorFormatLastMessageNamePointer$CreatePathReadShort$ConsoleCtrlDirectoryFeatureHandlerModulePresentProcessor
                    • String ID: $%TEMP%\onefile_%PID%_%TIME%$A$C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294$C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294\pygame\transform.pyd$C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294\staged_out.exe$Error, couldn't runtime expand temporary directory pattern:$Error, failed to access unpacked executable.$Error, failed to locate onefile filename.$Error, failed to open '%ls' for writing.$Error, failed to register signal handler.$K$NUITKA_ONEFILE_PARENT$Y$\dont-search-path
                    • API String ID: 3937968633-3822273521
                    • Opcode ID: 76a242d4c7fa5177fcfd9821d08f67e89df18fa8986a7933a3620203f42b849d
                    • Instruction ID: 65394837da4dd08d19cd908bb8faaeb566cbe38c58da4ea8e281f45b90c5b6a5
                    • Opcode Fuzzy Hash: 76a242d4c7fa5177fcfd9821d08f67e89df18fa8986a7933a3620203f42b849d
                    • Instruction Fuzzy Hash: 3B329361E18682C5EB11BB22E4192B9FBA0FF44F94FD58139D94E07AA4DFBCE445C720
                    Function 00007FF7613FAB70 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49synchronizationwindowCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: CloseConsoleCtrlErrorEventFileFormatGenerateHandleLastMessageObjectOperationProcessSingleWait
                    • String ID: C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294$Failed to send CTRL-C to child process.
                    • API String ID: 4185614815-1523101883
                    • Opcode ID: f561157c7c38a756df84a534cdef40b17fd149feedbf9c903231cf1b92af38a4
                    • Instruction ID: 57971b18a9d38fb5863192f207475975e5a7d2e2141d97c023dd8d6e9a6e0ef3
                    • Opcode Fuzzy Hash: f561157c7c38a756df84a534cdef40b17fd149feedbf9c903231cf1b92af38a4
                    • Instruction Fuzzy Hash: 1921FB61A18A81CAEB11AB61F858375BA74FB94F80F940139D58E83A64DF7DE445C710
                    Function 00007FF7613FB860 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                    • String ID:
                    • API String ID: 1452418845-0
                    • Opcode ID: dce74b2f6d7858518ca18e5687f89e643830ad491a290fb219cca55f8439f985
                    • Instruction ID: d294e55a53defeaa52cc518404bcc53b0c46b331443e016f9934765cf14d3a36
                    • Opcode Fuzzy Hash: dce74b2f6d7858518ca18e5687f89e643830ad491a290fb219cca55f8439f985
                    • Instruction Fuzzy Hash: EE312B91E0C207C9FF15BB67945A3B996919F51F44FC9803CE94F4B6EBCEECA4058221
                    Function 00007FF7613FF594 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Process$CurrentExitTerminate
                    • String ID:
                    • API String ID: 1703294689-0
                    • Opcode ID: 4055f651c0c246543d5ac86e3fd3dbac438b4a14224d2e6117c2b18e0789028f
                    • Instruction ID: f90911a73e38c31ce6f80f9981d5c57f5db4943635db1dedfd938347827fda09
                    • Opcode Fuzzy Hash: 4055f651c0c246543d5ac86e3fd3dbac438b4a14224d2e6117c2b18e0789028f
                    • Instruction Fuzzy Hash: DDD01C51F08202C6EB083F32188E078A6292F68F82BA9143CC80F47382CDACA80CC220
                    Function 00007FF761405A84 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                    Download Yara Rule
                    APIs
                    • RtlDeleteBoundaryDescriptor.NTDLL(?,?,00000000,00007FF761409996,?,?,?,00007FF7614099D3,?,?,00000000,00007FF761409ECD,?,?,?,00007FF761409DFF), ref: 00007FF761405A9A
                    • GetLastError.KERNEL32(?,?,00000000,00007FF761409996,?,?,?,00007FF7614099D3,?,?,00000000,00007FF761409ECD,?,?,?,00007FF761409DFF), ref: 00007FF761405AA4
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: BoundaryDeleteDescriptorErrorLast
                    • String ID:
                    • API String ID: 2050971199-0
                    • Opcode ID: ce0948fecc9d7e54df5e8f4da5652d1466c4ce4fa1bfae00bf0852d8f715b78b
                    • Instruction ID: fe337825107e02bf6ce540e4e525432f0085c5f846098fb93e0353294a2ae0e1
                    • Opcode Fuzzy Hash: ce0948fecc9d7e54df5e8f4da5652d1466c4ce4fa1bfae00bf0852d8f715b78b
                    • Instruction Fuzzy Hash: 42E0BF51F09642C6FF15BBB2588E074AA519F98F51BD54034C90D4B252DDAC69858670
                    Function 00007FF7613FF4C5 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: HandleModule$AddressFreeLibraryProc
                    • String ID:
                    • API String ID: 3947729631-0
                    • Opcode ID: cbfdff3f66ec1cb61838929dfd3c134f9ff58d4689a51f64f2205533c134c9c9
                    • Instruction ID: 9cf37f7ac18cb7b90e77496ca1c84b456c7ecba355cddf9a2152d16c69d9045e
                    • Opcode Fuzzy Hash: cbfdff3f66ec1cb61838929dfd3c134f9ff58d4689a51f64f2205533c134c9c9
                    • Instruction Fuzzy Hash: DC21A373A04B01DDEF24AF69D4882FC77A4EB04B18F88063ADA5E06AD5DF78D446C750
                    Function 00007FF7614095B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 5e09b996b4f39bdc144a7422a4387001fd20d6f67051bfa4429e62758db17776
                    • Instruction ID: fc50891faf54f7c875f4afced464fb02a67bede1d94e77b04ade561eaba62409
                    • Opcode Fuzzy Hash: 5e09b996b4f39bdc144a7422a4387001fd20d6f67051bfa4429e62758db17776
                    • Instruction Fuzzy Hash: 99116032A1D642C2E310BB16E859179EBA4FB40F41FD60834D66D47791CFBDE411CB60
                    Function 00007FF761404F38 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
                    Download Yara Rule
                    APIs
                    • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF76140590E,?,?,?,00007FF76140487F,?,?,00000000,00007FF761404B1A), ref: 00007FF761404F8D
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    • Opcode ID: f02394e12f0b0f412ad0511da1f9294b77fa5c43d3fa51ba5ee621305ff8bc5b
                    • Instruction ID: bf6f5d4c2f08793dc51282febb5cc99605ed45a8e17cc889ac326641309484f1
                    • Opcode Fuzzy Hash: f02394e12f0b0f412ad0511da1f9294b77fa5c43d3fa51ba5ee621305ff8bc5b
                    • Instruction Fuzzy Hash: 3EF03C50B09243C4FF557BA3546D2B49B905FA8F82F9C4438C90E87281DDACE9828230
                    Function 00007FF761406974 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                    Download Yara Rule
                    APIs
                    • RtlAllocateHeap.NTDLL(?,?,?,00007FF7614068DD,?,?,?,00007FF761400C58), ref: 00007FF7614069B2
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    • Opcode ID: 4c0717f1cdc8f8df66da853b8d48a1a3a7913ef375afbb5a9b1904c084483452
                    • Instruction ID: 094299d6c52e68dfaf45a9ee741b59042ebb969dcd0ba64dca4034e8d607c4ba
                    • Opcode Fuzzy Hash: 4c0717f1cdc8f8df66da853b8d48a1a3a7913ef375afbb5a9b1904c084483452
                    • Instruction Fuzzy Hash: EEF05810B0D283C0FF657BA359592B49B845F88FB2F985634D82F877C1DEACE4818230

                    Non-executed Functions

                    Function 00007FF7613FA440 Relevance: 26.4, APIs: 1, Strings: 14, Instructions: 196COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: %TEMP%\onefile_%PID%_%TIME%$%lld$5.3.0.0-5...3...0...0$C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294$CACHE_DIR$COMPANY$HOME$PID$PRODUCT$PROGRAM$TEMP$TIME$VERSION$updatelogic
                    • API String ID: 0-1001654385
                    • Opcode ID: 713767e04934b2dfda0d1b5df6f1d0a54cf91e4dcb0e3adfa77639c17ba4703b
                    • Instruction ID: 890f6f835b22963baa3b137101106df9c450a304ee8f8ccfd6f7677acb32dc04
                    • Opcode Fuzzy Hash: 713767e04934b2dfda0d1b5df6f1d0a54cf91e4dcb0e3adfa77639c17ba4703b
                    • Instruction Fuzzy Hash: 74818E22A19683C5EF20AF12D4192B9B7A4FF50F80FD84035CA4E436A5EFBDE446C361
                    Function 00007FF76140C00C Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                    • API String ID: 808467561-2761157908
                    • Opcode ID: 87b9213b6598af07eb8d1530f76efede2e8bc17bd471710aeacf5c3e3bb1998e
                    • Instruction ID: 8d25c3cc90461697b26b96ae83ce972162337c8a5c10f6588a3c9f3dd0ef7636
                    • Opcode Fuzzy Hash: 87b9213b6598af07eb8d1530f76efede2e8bc17bd471710aeacf5c3e3bb1998e
                    • Instruction Fuzzy Hash: 5EB2EA72E18282CBE724DF66D4487FDBBA1FB44B49F905135DA0D57A84DBB8E900CB60
                    Function 00007FF7613FBD58 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                    • String ID:
                    • API String ID: 3140674995-0
                    • Opcode ID: ecc87c728d9134544b44de582408ed54e050f4d2a6405b8fa837f0fbd0d40c3a
                    • Instruction ID: 0063c2145ffbefa8516ff5665d731b573e110177213704ea5d92b86d3544fa35
                    • Opcode Fuzzy Hash: ecc87c728d9134544b44de582408ed54e050f4d2a6405b8fa837f0fbd0d40c3a
                    • Instruction Fuzzy Hash: F2314F72709A81C9EB60AF61E8447E9B770FB94B44F84403ADA4E47A98DF7CD648C720
                    Function 00007FF7614048F0 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                    • String ID:
                    • API String ID: 1239891234-0
                    • Opcode ID: 10b7bcf8786016dded377023b6a3d83c6c99cbcb26a7ee9cb633963b1d815aa9
                    • Instruction ID: 35f3e88d588aec7ed6315222dface457d0b4835c209222747ebf5b90ab4df73e
                    • Opcode Fuzzy Hash: 10b7bcf8786016dded377023b6a3d83c6c99cbcb26a7ee9cb633963b1d815aa9
                    • Instruction Fuzzy Hash: 34319672718B81C5DB60DF25E8452ADB7A0FB98B94F940135EA8D43B58DF7CC145CB10
                    Function 00007FF761408370 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: FileFindFirst_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 2227656907-0
                    • Opcode ID: 18e4e6ac8f53bf10a4fa7cd60f3a5f7228ba7ba0aed65be2a3402df0291c35ed
                    • Instruction ID: 8dd1804f5dba7ef51bde5d6046e75eff700d030d7c0f90a82d3cd207575cd078
                    • Opcode Fuzzy Hash: 18e4e6ac8f53bf10a4fa7cd60f3a5f7228ba7ba0aed65be2a3402df0291c35ed
                    • Instruction Fuzzy Hash: A4B1B521F18653C1EB61AB239A086B9EB50EB44FD5F854135EE4D0BB89DFBCE441D720
                    Function 00007FF76140BB70 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: memcpy_s
                    • String ID:
                    • API String ID: 1502251526-0
                    • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                    • Instruction ID: cdb0c8e187b9a1d6aeda91787becf6a6b642986b9e5d614ebf9421e7f7a2feed
                    • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                    • Instruction Fuzzy Hash: FDC1E676B18686C7E724DF1AA04866AFB91FB84B85F84C139DB4E43784DB7DE801CB44
                    Function 00007FF7613F4250 Relevance: 4.8, Strings: 3, Instructions: 1029COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: @$@$@
                    • API String ID: 0-1177533131
                    • Opcode ID: ba8dcc85a86abb1c01ea7c4882e7cf2040815fbccdf80a1480fbb7c4bc94de07
                    • Instruction ID: df97e3b4099c332ee5629238e03de126e4a80e8cf4774450d8ec6aa8b8aa3746
                    • Opcode Fuzzy Hash: ba8dcc85a86abb1c01ea7c4882e7cf2040815fbccdf80a1480fbb7c4bc94de07
                    • Instruction Fuzzy Hash: 23920533B246D18BDF04DF29D45427DBBB0E799794B0C412AEB9E87BD4EA28C515CB20
                    Function 00007FF7613F7E70 Relevance: 3.3, Strings: 2, Instructions: 764COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: #$4
                    • API String ID: 0-353776824
                    • Opcode ID: d104f9678b08ada7fb75871e2dd3a44a10f4034ede789ef5fc11531a99e7d879
                    • Instruction ID: 39f28efc22bef98e044e5272935f865cf28eb00ea922a566766882dd171e43d3
                    • Opcode Fuzzy Hash: d104f9678b08ada7fb75871e2dd3a44a10f4034ede789ef5fc11531a99e7d879
                    • Instruction Fuzzy Hash: 61620433A18692CADB189F2790082BEB7A1F745B98F998139DA8E03794DB7DD444DB10
                    Function 00007FF76140F668 Relevance: 3.2, APIs: 2, Instructions: 227COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ExceptionRaise_clrfp
                    • String ID:
                    • API String ID: 15204871-0
                    • Opcode ID: 788bc86a1f05762f55aed558cc7faf0347ad1811ed0d1f513233d1fc943d0910
                    • Instruction ID: 2120f13f98adedc376f1d9f930cf623b1ca3e77a46b25d16f98c9b0578914b81
                    • Opcode Fuzzy Hash: 788bc86a1f05762f55aed558cc7faf0347ad1811ed0d1f513233d1fc943d0910
                    • Instruction Fuzzy Hash: 6BB16873A01B89CBEB15CF2AC84A368BBA0F784F48F148932DA5D837A4CB79D451C714
                    Function 00007FF7613F63F0 Relevance: 3.1, Strings: 2, Instructions: 633COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: #$4
                    • API String ID: 0-353776824
                    • Opcode ID: 278c4525af4e4de455cde0262d67465256cd019789eb2c8529dfc63910e1c571
                    • Instruction ID: 53559659c0e80f9f77719bcfe660f7a168ce0df6e4003f35acf53c002dcfbaa0
                    • Opcode Fuzzy Hash: 278c4525af4e4de455cde0262d67465256cd019789eb2c8529dfc63910e1c571
                    • Instruction Fuzzy Hash: E34214B3B186D1CADB009F26E4081ADB7A1FB44B84F984139EA9E53B98DB7CD845C700
                    Function 00007FF761407190 Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: e+000$gfff
                    • API String ID: 0-3030954782
                    • Opcode ID: e6c92b63ab8348172b4f1d15cfa2912c8af0ee62ec8be1f2865f45132d15813e
                    • Instruction ID: 79729b80b9b4af2692d7b63b622a6f89f9e661f25651a76a88cf13a9036dd160
                    • Opcode Fuzzy Hash: e6c92b63ab8348172b4f1d15cfa2912c8af0ee62ec8be1f2865f45132d15813e
                    • Instruction Fuzzy Hash: 40516722B1C2C5C6E7249F369809769FB91E744F95F888235DB984BBC1CEBDE444C711
                    Function 00007FF7613F2D70 Relevance: 2.0, Strings: 1, Instructions: 744COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: @
                    • API String ID: 0-2766056989
                    • Opcode ID: 17a32754b3be5ecddc6ca883ffe9f6f2205faa1975401ee855b00d3c5a03e51d
                    • Instruction ID: bf396c6bfcbe0ecda47b9f6767c90a8b71008edcb40655445d2b9490e982fbc8
                    • Opcode Fuzzy Hash: 17a32754b3be5ecddc6ca883ffe9f6f2205faa1975401ee855b00d3c5a03e51d
                    • Instruction Fuzzy Hash: 62526973B187E48BCB498B26E4546BD7FB5E755794B08422AEE9E93BC5CE2CC044CB10
                    Function 00007FF761406CFC Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: gfffffff
                    • API String ID: 0-1523873471
                    • Opcode ID: 600295280efd9409e43e2c28a74049d09f6741da58054a69084e457645398cc1
                    • Instruction ID: a5aa44b85cd8ab6c6aa6f847dd1ca1382f1b14c398f02f80cdaee4246287e31b
                    • Opcode Fuzzy Hash: 600295280efd9409e43e2c28a74049d09f6741da58054a69084e457645398cc1
                    • Instruction Fuzzy Hash: 2CA17763B0C7C6C6EB21DB2AA0147AABB90AB50FC5F848131DE8E47781DE7DD941C711
                    Function 00007FF761400E28 Relevance: 1.5, Strings: 1, Instructions: 250COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 7b72d27635fc442e1ebff75513c9f2638703599bd79b72d565658fcebe974105
                    • Instruction ID: 346d5f4dc3d0cf9fc0ce5a1a8141d532913f8db12ec57016630c2ac838a1f20b
                    • Opcode Fuzzy Hash: 7b72d27635fc442e1ebff75513c9f2638703599bd79b72d565658fcebe974105
                    • Instruction Fuzzy Hash: 8DB1B172A08681C5E764AF3AD05823DBFB0EB09F89F984139DA4E47795CFB9D440C760
                    Function 00007FF7614011C0 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: ef49cb94395e06cbb21b3baba8ca1d8c7f68af0937311a89fd99be838a8fed40
                    • Instruction ID: 6b21e48a2f2a95c99d6dcdc286e8cdf4797a71cca4f61218e4b139f1afd6e041
                    • Opcode Fuzzy Hash: ef49cb94395e06cbb21b3baba8ca1d8c7f68af0937311a89fd99be838a8fed40
                    • Instruction Fuzzy Hash: 5CB15972908785C5E764AF2AC05823CBFB0EB49F4DBA90239CA4E477A5CFB9D441C724
                    Function 00007FF76140A11C Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: HeapProcess
                    • String ID:
                    • API String ID: 54951025-0
                    • Opcode ID: 9c72b5a89da4e52dbf914038315902266e436a9e788fb0955957fe8c3ebdc79d
                    • Instruction ID: d826285338eeabeb0903856e031a3b84eb8e7a21cac5a43dcbe26abde60c68e9
                    • Opcode Fuzzy Hash: 9c72b5a89da4e52dbf914038315902266e436a9e788fb0955957fe8c3ebdc79d
                    • Instruction Fuzzy Hash: 73B09B50E07601C1E74577116C8713456A46F54F10FF50034C00D51320DD6C10E69710
                    Function 00007FF7613F9430 Relevance: .9, Instructions: 894COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 350510907982cde61b13ae1233c41c743ab28a77f136f96fae7077054a619dc1
                    • Instruction ID: 3e58095fc7e8b43dd6d0c9f2fb6241df913c38e2150ab83ef8149c38e559bfce
                    • Opcode Fuzzy Hash: 350510907982cde61b13ae1233c41c743ab28a77f136f96fae7077054a619dc1
                    • Instruction Fuzzy Hash: 5982E373A04B85CAEF10CF2AD4441ACB7B0F759B98B544226EB5E47B99EF78E195C300
                    Function 00007FF7613F15A0 Relevance: .7, Instructions: 673COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 95ad6508ab47d8ef33e35aa79bd4716b28f8f82bacfa5e90686771094938a787
                    • Instruction ID: b92b69039c465f170e1945acc5116732c4a960194f355a0f40d49c69039d9e47
                    • Opcode Fuzzy Hash: 95ad6508ab47d8ef33e35aa79bd4716b28f8f82bacfa5e90686771094938a787
                    • Instruction Fuzzy Hash: 20324C7372859587EF14DA2AE4086B9F7A2E785BD0F888139DA4F47B84DE7CD909C700
                    Function 00007FF7613F8D80 Relevance: .5, Instructions: 451COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4ca7bdffcef837c8e57137e3534567cde4225a05dea147659d17b9120dae63f1
                    • Instruction ID: 0eca698018afc24190d910bcb36bc010e470a49a7c9742427c0fe328ac37599d
                    • Opcode Fuzzy Hash: 4ca7bdffcef837c8e57137e3534567cde4225a05dea147659d17b9120dae63f1
                    • Instruction Fuzzy Hash: 6312C332A04B95CAEF04DF6AD4441AC77B1F749B98B48422AEF5E47B98EF78D185C310
                    Function 00007FF761401850 Relevance: .4, Instructions: 351COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2cee7c84b11f69186bbbf18f56321aabaa6c1170a366f8276b9d23cf500201f9
                    • Instruction ID: 745bad703b744cc3763927a0a68c7ba2465a1f7a9a3075b12686d9eb43c2351b
                    • Opcode Fuzzy Hash: 2cee7c84b11f69186bbbf18f56321aabaa6c1170a366f8276b9d23cf500201f9
                    • Instruction Fuzzy Hash: 8AE1E432A08642C5E764AB2AC19C77DABB1EB45F4EF944235CE4D072D5DFB8E981C720
                    Function 00007FF761401C88 Relevance: .3, Instructions: 327COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f0d9d41570245a27f984b05403bb5f629f7b368093541d6f23e95c0a6537895b
                    • Instruction ID: 37108e3c80e6d2e3bbbc6be9ae2cbf601bd498e98dc152486ea26a32b0588714
                    • Opcode Fuzzy Hash: f0d9d41570245a27f984b05403bb5f629f7b368093541d6f23e95c0a6537895b
                    • Instruction Fuzzy Hash: E2D1B222A08642C6EB68AB27805867DBBB1EF45F5DF944239CE0D076D5CFBDE845C360
                    Function 00007FF7613F7A30 Relevance: .3, Instructions: 270COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f2b6a183fb11f1282db785b6933484257d85cc300f661719a3b157d215283c24
                    • Instruction ID: f2c26f1f29c7728117fb0a669d79fb9e536060a9cf894b0251edf9c3c09b4317
                    • Opcode Fuzzy Hash: f2b6a183fb11f1282db785b6933484257d85cc300f661719a3b157d215283c24
                    • Instruction Fuzzy Hash: EFB1AA73E18686CAEF68AA2695082B8E654F701F54FCC0239EB5E537C1CBBCF551D220
                    Function 00007FF7613F3F00 Relevance: .2, Instructions: 240COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a05f8c27b852701baa8cd5df555216814e0e57102f2b6b68aaebeeba4e56982f
                    • Instruction ID: ca121ce7a1a63d9c8bed5c27b905f9d71920e98e9ffc6629efff3fe61f9dc948
                    • Opcode Fuzzy Hash: a05f8c27b852701baa8cd5df555216814e0e57102f2b6b68aaebeeba4e56982f
                    • Instruction Fuzzy Hash: 60914B237242E086CF24DB2AE418B79BB95E795BC0F4D4136DA9E87FC0E96DC905D720
                    Function 00007FF7613F2250 Relevance: .2, Instructions: 233COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ff27fe6feacafa742b75648adf972571a9b279ac0f4b8fbe1e7f86c1305f1079
                    • Instruction ID: 9b6cba9983ee303ccdc1b7ee50f8ce2ed7b373b13667a3c7c3f2fa052fd293d7
                    • Opcode Fuzzy Hash: ff27fe6feacafa742b75648adf972571a9b279ac0f4b8fbe1e7f86c1305f1079
                    • Instruction Fuzzy Hash: F88147B3B28581CADF24DA26E518A7CA651F745B54F885239EE2F07BC4CEBDE445C700
                    Function 00007FF761407810 Relevance: .2, Instructions: 198COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2dc3bffe48da8fd73621cbb623fedd7790d8ed95187b395c2f8ab6cf70fbd321
                    • Instruction ID: b40a8884f1edba7939b3bb692ec6be9d0a24ecdb81f9abdbc1115b4f87e72803
                    • Opcode Fuzzy Hash: 2dc3bffe48da8fd73621cbb623fedd7790d8ed95187b395c2f8ab6cf70fbd321
                    • Instruction Fuzzy Hash: F4810572A0C381C6E774EB2A948837ABF91FB85B96F944235DACD43B85CE7CD5408B11
                    Function 00007FF7613F2B60 Relevance: .1, Instructions: 147COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d5bd80f57eb232d678d590fbd4c45bac1d99471cf1f8379814a0f31ac97e6f79
                    • Instruction ID: 51aa3699a2873097d433754a86bdc82d0312c6788f083f5c90dd977d623b6781
                    • Opcode Fuzzy Hash: d5bd80f57eb232d678d590fbd4c45bac1d99471cf1f8379814a0f31ac97e6f79
                    • Instruction Fuzzy Hash: 2A516B337285E48ACF249A36E418E69AA66A755B90F49413ADEAE87BC0CD6DC401CB10
                    Function 00007FF7614002C0 Relevance: .1, Instructions: 145COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0d55e7b74c74ae9c8f477ccd41f7837cfeba25c56cc48b04a18bdb2e1b261f03
                    • Instruction ID: 90b7d6163ff798a8fd1e0ace87d8930bb3b44176c5ff8a82187d3055bde3b9ad
                    • Opcode Fuzzy Hash: 0d55e7b74c74ae9c8f477ccd41f7837cfeba25c56cc48b04a18bdb2e1b261f03
                    • Instruction Fuzzy Hash: 7651C332A18651C6E7259F2AC04823DBBA0EB45F99FA94131CE4C97795CFBAEC43C750
                    Function 00007FF7614006C8 Relevance: .1, Instructions: 145COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6ec2cbce4c66990969fc68eb1171d784d3a118b3073380cc2cd3637851bbe89f
                    • Instruction ID: cabc11ea7ccbc1910268e93c4bdb7c0c649d354e52f39e168f44dca34632055d
                    • Opcode Fuzzy Hash: 6ec2cbce4c66990969fc68eb1171d784d3a118b3073380cc2cd3637851bbe89f
                    • Instruction Fuzzy Hash: 3451B137A18651C6E7249F2AC048339BBA0EB45F99F644131CE4D97794CFBEE942CB90
                    Function 00007FF7614004C4 Relevance: .1, Instructions: 145COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9c52b6d51fff24f610222c5cbc3aaeb594f0196ce920fdcd3c71be82fc94997f
                    • Instruction ID: 7579baa6ee2db15bb8a1ff6af172a44ec5ce9969f96b03dd2df4a85b721d75f8
                    • Opcode Fuzzy Hash: 9c52b6d51fff24f610222c5cbc3aaeb594f0196ce920fdcd3c71be82fc94997f
                    • Instruction Fuzzy Hash: 6351C632A18651C6E724DF2AC048338BBA1EB85F99FA44131CE4D87795CFBAE843C750
                    Function 00007FF761403E70 Relevance: .1, Instructions: 126COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: BoundaryDeleteDescriptorErrorLast
                    • String ID:
                    • API String ID: 2050971199-0
                    • Opcode ID: 881ede52497160d17bfa5c4327c6d1d64eefa22b30db9c65c619d8db33ba8106
                    • Instruction ID: 01a07d99cdfcb3d5b09f97559c981f0be5eee223492c171e03ceafacc666659b
                    • Opcode Fuzzy Hash: 881ede52497160d17bfa5c4327c6d1d64eefa22b30db9c65c619d8db33ba8106
                    • Instruction Fuzzy Hash: 79412272714A55C2EF04DF2BD968579EBA1BB48FD4B999032EE4D97B58DE7CC0418300
                    Function 00007FF7613F2080 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 40f84a022e858a858e21bc3260534c36122f747569052417c17b48ee8a6de69d
                    • Instruction ID: 42904c038afbb96c95f589182f279780f9b4b9a5c7738fb976026b768e12becf
                    • Opcode Fuzzy Hash: 40f84a022e858a858e21bc3260534c36122f747569052417c17b48ee8a6de69d
                    • Instruction Fuzzy Hash: 14415A96710B9086DD08CF2AB969829E255F388FC0B9DA433DF4E47B64EE3CD552C300
                    Function 00007FF7613F51C0 Relevance: .0, Instructions: 43COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9aab68525deca0184b32cec1a1024981a7b3053b8abb821f3f05023d839e3477
                    • Instruction ID: 57bdf1841f427b2b560d0bfdbf52a42b82a9294615fd1d3bf8d2bf0f9fa80ad2
                    • Opcode Fuzzy Hash: 9aab68525deca0184b32cec1a1024981a7b3053b8abb821f3f05023d839e3477
                    • Instruction Fuzzy Hash: 5A115E72D1A78086E354DF28A4496C83AA8F300B4CF249538DE496B260CBBA6963A300
                    Function 00007FF7613FBF3C Relevance: .0, Instructions: 2COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cc0278e2b4d9830ca251596cf284610aad4b12314c1d13d881d26cdfd600733c
                    • Instruction ID: 3720b8a0e76d45ea07f5ca206ef6d1a8a4d244753ae4cc40cf9737364e40108d
                    • Opcode Fuzzy Hash: cc0278e2b4d9830ca251596cf284610aad4b12314c1d13d881d26cdfd600733c
                    • Instruction Fuzzy Hash: 9CA002A1E0CD43D5EB09EB11E85A930AB31FB60F40BD5D076C00E46868AFBDE404C760
                    Function 00007FF761405AC0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 117libraryloaderCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: AddressFreeLibraryProc
                    • String ID: %TEMP%\onefile_%PID%_%TIME%$api-ms-$ext-ms-
                    • API String ID: 3013587201-527191339
                    • Opcode ID: 33b2eb8f39e01a37c98db0153a76e138676b2a97e3f530989414cb1786bc45c0
                    • Instruction ID: eccf3c8c91fa48246b9d39df903f4e6fc650063d5908f84ba9f990ce03533319
                    • Opcode Fuzzy Hash: 33b2eb8f39e01a37c98db0153a76e138676b2a97e3f530989414cb1786bc45c0
                    • Instruction Fuzzy Hash: 8741D121B19A02C1EB16AB17A808575EBA5FF08FD0F994635DD1D8B784EEBCE445C720
                    Function 00007FF7613FDFC0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                    • String ID: csm$csm$csm
                    • API String ID: 849930591-393685449
                    • Opcode ID: c44cdab44309f536c8643caebba11c9f696316a535538b6a18482a3c6b83000f
                    • Instruction ID: b8f8c3ab1aef4467f4dab5ff3b9af45c0b8b90dae043d2dca75894f9d72e05a8
                    • Opcode Fuzzy Hash: c44cdab44309f536c8643caebba11c9f696316a535538b6a18482a3c6b83000f
                    • Instruction Fuzzy Hash: EDE17172A08741CEEF20AB67D4482ADB7A0FB45B98F590139DE8E57B95CF78E480C711
                    Function 00007FF7613FCBD4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON
                    Download Yara Rule
                    APIs
                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7613FCE86,?,?,?,00007FF7613FCB78,?,?,00000001,00007FF7613FC3E1), ref: 00007FF7613FCC59
                    • GetLastError.KERNEL32(?,?,?,00007FF7613FCE86,?,?,?,00007FF7613FCB78,?,?,00000001,00007FF7613FC3E1), ref: 00007FF7613FCC67
                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7613FCE86,?,?,?,00007FF7613FCB78,?,?,00000001,00007FF7613FC3E1), ref: 00007FF7613FCC91
                    • FreeLibrary.KERNEL32(?,?,?,00007FF7613FCE86,?,?,?,00007FF7613FCB78,?,?,00000001,00007FF7613FC3E1), ref: 00007FF7613FCCD7
                    • GetProcAddress.KERNEL32(?,?,?,00007FF7613FCE86,?,?,?,00007FF7613FCB78,?,?,00000001,00007FF7613FC3E1), ref: 00007FF7613FCCE3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Library$Load$AddressErrorFreeLastProc
                    • String ID: api-ms-
                    • API String ID: 2559590344-2084034818
                    • Opcode ID: be524e1eb67e573fc5b475188c4d948c4325beb85c5a9406d03dd95f9e823d66
                    • Instruction ID: d8d5bd3df6d3afd6b2cb4d15eee9b02dadb18382f7ab8a322cee367d48c88d07
                    • Opcode Fuzzy Hash: be524e1eb67e573fc5b475188c4d948c4325beb85c5a9406d03dd95f9e823d66
                    • Instruction Fuzzy Hash: D231C821B5AA42C5EF15BB17A808A75A7A4BF48FA0FDD0539DD1E47794DFBCE0418320
                    Function 00007FF761405678 Relevance: 10.6, APIs: 7, Instructions: 62COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Value$ErrorLast
                    • String ID:
                    • API String ID: 2506987500-0
                    • Opcode ID: 0cc5402b84f758c4271f1aa16c01f6fae8a308a818b5928784db28093582c4bf
                    • Instruction ID: fcac9b51a5f8ae96614e6f0a4e0260e65e203fdeb82bcdeeaeff60a0b3a21c7e
                    • Opcode Fuzzy Hash: 0cc5402b84f758c4271f1aa16c01f6fae8a308a818b5928784db28093582c4bf
                    • Instruction Fuzzy Hash: 61213D24B0D242C2FB557723695D179EB519F48FA1F940B34E82E0FAD6DEACA841C620
                    Function 00007FF76140EE78 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                    • String ID: CONOUT$
                    • API String ID: 3230265001-3130406586
                    • Opcode ID: 0e00cd62a7a3902094f99b322ee7b8ee2f62b63f95ad0485e1596a5f5d8da048
                    • Instruction ID: 7c9bfae4708c034f30cd3e19ae9f16b15261139f9cbcb92b3dc87edb23b6c69b
                    • Opcode Fuzzy Hash: 0e00cd62a7a3902094f99b322ee7b8ee2f62b63f95ad0485e1596a5f5d8da048
                    • Instruction Fuzzy Hash: AF11D622B18A41C2E351AB13E899335ABA0FB98FE5F910234DA5D83B94CFBCD5148710
                    Function 00007FF7614057F0 Relevance: 9.1, APIs: 6, Instructions: 57COMMON
                    Download Yara Rule
                    APIs
                    • GetLastError.KERNEL32(?,?,?,00007FF761405A6D,?,?,?,?,00007FF761404F9F,?,?,00000000,00007FF76140590E,?,?,?), ref: 00007FF7614057FF
                    • FlsSetValue.KERNEL32(?,?,?,00007FF761405A6D,?,?,?,?,00007FF761404F9F,?,?,00000000,00007FF76140590E,?,?,?), ref: 00007FF761405835
                    • FlsSetValue.KERNEL32(?,?,?,00007FF761405A6D,?,?,?,?,00007FF761404F9F,?,?,00000000,00007FF76140590E,?,?,?), ref: 00007FF761405862
                    • FlsSetValue.KERNEL32(?,?,?,00007FF761405A6D,?,?,?,?,00007FF761404F9F,?,?,00000000,00007FF76140590E,?,?,?), ref: 00007FF761405873
                    • FlsSetValue.KERNEL32(?,?,?,00007FF761405A6D,?,?,?,?,00007FF761404F9F,?,?,00000000,00007FF76140590E,?,?,?), ref: 00007FF761405884
                    • SetLastError.KERNEL32(?,?,?,00007FF761405A6D,?,?,?,?,00007FF761404F9F,?,?,00000000,00007FF76140590E,?,?,?), ref: 00007FF76140589F
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Value$ErrorLast
                    • String ID:
                    • API String ID: 2506987500-0
                    • Opcode ID: ee148f4be8cfe0799c57237698451a0f6a95b5cdf6484c952ce5099f24ac6d61
                    • Instruction ID: 6afe02e3635e4a0d4d262aac8945911d5778ef66ee0fcce21f0e10a9ef551fde
                    • Opcode Fuzzy Hash: ee148f4be8cfe0799c57237698451a0f6a95b5cdf6484c952ce5099f24ac6d61
                    • Instruction Fuzzy Hash: A8115E21E0D242C1FB657323554D179EB51AF48FA1F940734DC2E0BAC6DEACA951C620
                    Function 00007FF7613FC1E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                    • String ID: csm$f
                    • API String ID: 2395640692-629598281
                    • Opcode ID: f8130a11db687009fa6639b95c5e07baec577d4d4f843acdabcdbd7737b3c783
                    • Instruction ID: cc00ea0bb094b10ffd3b8a273a84ba58cbb5289d536a4d175d4a809291fa1b00
                    • Opcode Fuzzy Hash: f8130a11db687009fa6639b95c5e07baec577d4d4f843acdabcdbd7737b3c783
                    • Instruction Fuzzy Hash: 9C518136A49602CADF14EB16E408E29B765FB54FC8F99813AD94B43748DFBCE941C710
                    Function 00007FF7613FF5EC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: AddressFreeHandleLibraryModuleProc
                    • String ID: CorExitProcess$mscoree.dll
                    • API String ID: 4061214504-1276376045
                    • Opcode ID: 2af3b227ae15d0f77a1e21f18893b17dba8bef6b3a8307e3f86ec068823517b4
                    • Instruction ID: ef8a5d720475501518540cca08a9b55d7458b2e880c39b7d8f24d8dbd3cc866a
                    • Opcode Fuzzy Hash: 2af3b227ae15d0f77a1e21f18893b17dba8bef6b3a8307e3f86ec068823517b4
                    • Instruction Fuzzy Hash: E1F0C261A08A46C1EF11AB30E44E739D730AF59F75FA90239CA6E461F4CFACD048C320
                    Function 00007FF76140F2B0 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: _set_statfp
                    • String ID:
                    • API String ID: 1156100317-0
                    • Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                    • Instruction ID: 42d49090417d33c726f9d3c7123cc419d8da65dc5b97a511438136efeb64d53f
                    • Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                    • Instruction Fuzzy Hash: 8711B622D1AA03D3F7543326E45E3799B416F54B71ED40234E56E472D68EFC6C82412C
                    Function 00007FF7614058B8 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
                    Download Yara Rule
                    APIs
                    • FlsGetValue.KERNEL32(?,?,?,00007FF76140487F,?,?,00000000,00007FF761404B1A), ref: 00007FF7614058D7
                    • FlsSetValue.KERNEL32(?,?,?,00007FF76140487F,?,?,00000000,00007FF761404B1A), ref: 00007FF7614058F6
                    • FlsSetValue.KERNEL32(?,?,?,00007FF76140487F,?,?,00000000,00007FF761404B1A), ref: 00007FF76140591E
                    • FlsSetValue.KERNEL32(?,?,?,00007FF76140487F,?,?,00000000,00007FF761404B1A), ref: 00007FF76140592F
                    • FlsSetValue.KERNEL32(?,?,?,00007FF76140487F,?,?,00000000,00007FF761404B1A), ref: 00007FF761405940
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Value
                    • String ID:
                    • API String ID: 3702945584-0
                    • Opcode ID: 70f22fd26877e26fd1f5677f389258ae140429eb9c16d658f2141398dd3b6569
                    • Instruction ID: cd5796ab956d242325b174fa05cb8d6672e552b3ad9fb98b697d4a663ebee7a6
                    • Opcode Fuzzy Hash: 70f22fd26877e26fd1f5677f389258ae140429eb9c16d658f2141398dd3b6569
                    • Instruction Fuzzy Hash: A1113D20F0C242C1FB597323659917DAB55EF45FB1ED84734E82D1F6D6DEACA841C620
                    Function 00007FF76140574C Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Value
                    • String ID:
                    • API String ID: 3702945584-0
                    • Opcode ID: b5b63efb44819eb330ac4f3abc49f6f7f56682563c3d2faa27d9153c1f484041
                    • Instruction ID: 4b86e36b4be6d5100be3ad1df29af36406c17b1559997fbf7981e80bed526e5a
                    • Opcode Fuzzy Hash: b5b63efb44819eb330ac4f3abc49f6f7f56682563c3d2faa27d9153c1f484041
                    • Instruction Fuzzy Hash: 32110624A0D207C1FB69B323545E1B99B959F49B66EE80B34D83E0F6C2DDACB841D231
                    Function 00007FF7613FE498 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: CallEncodePointerTranslator
                    • String ID: MOC$RCC
                    • API String ID: 3544855599-2084237596
                    • Opcode ID: 0be028d7ac0c4ec896316e1f9103cf6cce5ef8834604ae2c1fa05adb49898076
                    • Instruction ID: c6498c644b73b893eca76e9e63eb0c5e411ce93eba19a180f406285d2788b5ae
                    • Opcode Fuzzy Hash: 0be028d7ac0c4ec896316e1f9103cf6cce5ef8834604ae2c1fa05adb49898076
                    • Instruction Fuzzy Hash: 29615B72A08B45CAEB109F66D0483ADB7A0FB44B98F594239EE4E17B94DBB8E055C710
                    Function 00007FF7613FE7F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                    • String ID: csm$csm
                    • API String ID: 3896166516-3733052814
                    • Opcode ID: 2548dea0f533b99c0f1a3f359ddf3b70687b80a6ff4ae413730ab8f4a98dda38
                    • Instruction ID: 33f6b4ef99bfd789ae294bdbb65b3dfb3eefdcc13d5551a3e31ff82c312db4cb
                    • Opcode Fuzzy Hash: 2548dea0f533b99c0f1a3f359ddf3b70687b80a6ff4ae413730ab8f4a98dda38
                    • Instruction Fuzzy Hash: 1B518D32908382CEEF74AF179448369BAA0FB44F84F994139DA9E47A95CFBCE450C711
                    Function 00007FF76140A8F0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: FileWrite$ConsoleErrorLastOutput
                    • String ID:
                    • API String ID: 2718003287-0
                    • Opcode ID: 3361e7b0a4a01c86be7f689050dcb8175c18a7f7fa488bd35ccabded482c3f68
                    • Instruction ID: d8a1ea2a84548e3b019e98992dbc89ee115add2d02b3bdd5cf46cbf2435ebb85
                    • Opcode Fuzzy Hash: 3361e7b0a4a01c86be7f689050dcb8175c18a7f7fa488bd35ccabded482c3f68
                    • Instruction Fuzzy Hash: 15D13632B08A81CAE710DF76D4442AC7BB2FF04B99B944236CE5D97BA9DE78D406C310
                    Function 00007FF76140B218 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                    Download Yara Rule
                    APIs
                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF76140B203), ref: 00007FF76140B334
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF76140B203), ref: 00007FF76140B3BF
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ConsoleErrorLastMode
                    • String ID:
                    • API String ID: 953036326-0
                    • Opcode ID: d26b7108da04b1d6ade1a439dc006868cde7a2577c5aa964054f66e6243fd7d4
                    • Instruction ID: 64968ead642d8073d2f81c05a72288900c0fad482c04cd64bcf117e6fc7791b0
                    • Opcode Fuzzy Hash: d26b7108da04b1d6ade1a439dc006868cde7a2577c5aa964054f66e6243fd7d4
                    • Instruction Fuzzy Hash: 5C91F576F18652C5F750EF6694882BCAFA0AB00F89FA48139DE0E57A95DFB8D441C324
                    Function 00007FF7613FBC38 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                    • String ID:
                    • API String ID: 2933794660-0
                    • Opcode ID: 266c0d6f6f968f6a4e115eca7bdf0b44c9a17825bcc9060ec7015ac9a463f65a
                    • Instruction ID: eafe1bf1d99c9ef940156a2f850c8f90d7fff8e0c902b21133a02d1d07375a65
                    • Opcode Fuzzy Hash: 266c0d6f6f968f6a4e115eca7bdf0b44c9a17825bcc9060ec7015ac9a463f65a
                    • Instruction Fuzzy Hash: 59113D66B14B0189EB01DB71E8492B877A4FB18B58F840D31DA6D47B54DF78D1548250
                    Function 00007FF7614037AC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                    Download Yara Rule
                    APIs
                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7614037DE
                      • Part of subcall function 00007FF761405A84: RtlDeleteBoundaryDescriptor.NTDLL(?,?,00000000,00007FF761409996,?,?,?,00007FF7614099D3,?,?,00000000,00007FF761409ECD,?,?,?,00007FF761409DFF), ref: 00007FF761405A9A
                      • Part of subcall function 00007FF761405A84: GetLastError.KERNEL32(?,?,00000000,00007FF761409996,?,?,?,00007FF7614099D3,?,?,00000000,00007FF761409ECD,?,?,?,00007FF761409DFF), ref: 00007FF761405AA4
                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7613FB7D1), ref: 00007FF7614037FC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: BoundaryDeleteDescriptorErrorFileLastModuleName_invalid_parameter_noinfo
                    • String ID: C:\Users\user\Desktop\apt66ext.log.exe
                    • API String ID: 3976345311-2928012586
                    • Opcode ID: addb991eec39e7f9dcc760c3be5645f43ef13cf5583ab8fbc0d0e601c7c435c7
                    • Instruction ID: a05bed38f758d14edea90178538666c45b5b33d624e7147b7142378b8e6f76a4
                    • Opcode Fuzzy Hash: addb991eec39e7f9dcc760c3be5645f43ef13cf5583ab8fbc0d0e601c7c435c7
                    • Instruction Fuzzy Hash: 5D41BC36A08B42C9EB15FF2294855F8AFA4EF44F84B954035E90E07B95CEBDE581C320
                    Function 00007FF76140AF88 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ErrorFileLastWrite
                    • String ID: U
                    • API String ID: 442123175-4171548499
                    • Opcode ID: edccec16b3022fd624643ca2c3d557c552a0589b9f395fd33be6678bad1b8261
                    • Instruction ID: 1893798255cc8166bfab4a3e716a8afb5404d62781a9906698dfabb9f6163903
                    • Opcode Fuzzy Hash: edccec16b3022fd624643ca2c3d557c552a0589b9f395fd33be6678bad1b8261
                    • Instruction Fuzzy Hash: DF41E772B19A81C1DB10DF26E4493B9AB60FB88B94F954031EE4D87B98DF7CD445C714
                    Function 00007FF761404484 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID: %TEMP%\onefile_%PID%_%TIME%
                    • API String ID: 3215553584-1520714333
                    • Opcode ID: b6f9d8ebf31fa66e504c26de95435c2f10ec97f2079d01c6a1c89ddd030fe641
                    • Instruction ID: 36c46613d16ec32faa7f855a2cfc4651435bcf502249a59b75630f5da33bb8f1
                    • Opcode Fuzzy Hash: b6f9d8ebf31fa66e504c26de95435c2f10ec97f2079d01c6a1c89ddd030fe641
                    • Instruction Fuzzy Hash: 2E41E762E0C752C1EB20AB139049279BFA0AB64FE5FDD4131EA8D0B6D5DEADD5818720
                    Function 00007FF7613FF320 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ExceptionFileHeaderRaise
                    • String ID: csm
                    • API String ID: 2573137834-1018135373
                    • Opcode ID: 6cc3a245ac0ed7d0591d0cdb94bad24c90f55041f70c360502f369ebfc4c35ec
                    • Instruction ID: 5e140210d55109e92329e132cb92ed280004a09af3621ab187e0ca5e1cbfcf0d
                    • Opcode Fuzzy Hash: 6cc3a245ac0ed7d0591d0cdb94bad24c90f55041f70c360502f369ebfc4c35ec
                    • Instruction Fuzzy Hash: A7115833608B8182EB619B25E404269BBE5FB88F88F9C4235EE8D07B58DF7CC551CB00
                    Function 00007FF7613FA8E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21windowCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294, xrefs: 00007FF7613FA8E0
                    Memory Dump Source
                    • Source File: 00000000.00000002.1808386193.00007FF7613F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7613F0000, based on PE: true
                    • Associated: 00000000.00000002.1808372067.00007FF7613F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808406074.00007FF761411000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF76141E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761421000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761423000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808423070.00007FF761426000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.1808522949.00007FF76142F000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Similarity
                    • API ID: ErrorFormatLastMessage
                    • String ID: C:\Users\user\AppData\Local\Temp\\onefile_7328_133646283031458294
                    • API String ID: 3479602957-1393128636
                    • Opcode ID: 1e81388750679c601e3fd34f20a9a7a594047ab76ede4be05ed85ff58875150a
                    • Instruction ID: 2b9d3f8b8b584f0643ccd2254c1a43fe7f67b70c8f3256f2d3229a59dc3aac19
                    • Opcode Fuzzy Hash: 1e81388750679c601e3fd34f20a9a7a594047ab76ede4be05ed85ff58875150a
                    • Instruction Fuzzy Hash: EAE065A2F18B418AD751A722B405566ABA4AB9CBD0F440135EA4E87B64DE7CC1858704

                    Non-executed Functions

                    Function 6788DAE0 Relevance: 107.2, APIs: 40, Strings: 21, Instructions: 413COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Read$Error$L_callocL_free
                    • String ID: AIFF$Bad AIFF file (no COMM chunk)$Bad AIFF file (no SSND chunk)$Bad WAV file (no DATA chunk)$Bad WAV file (no FMT chunk)$COMM$Couldn't read %d bytes from WAV file$FORM$Out of memory$RIFF$SSND$Unknown PCM data format$Unknown WAVE data format$Unknown WAVE format$Unknown samplesize in data format$Unrecognized file type (not AIFF)$WAVE$Wave format chunk too small$data$fmt $smpl
                    • API String ID: 2072091600-853149695
                    • Opcode ID: 8b34f66065570afbf2e0271903abc962636e40d0922bc908ff1007dcae85c994
                    • Instruction ID: 5516cda170ee37b41aa470011dca8bb15d992fe04c187bd00f10fad50098a6b9
                    • Opcode Fuzzy Hash: 8b34f66065570afbf2e0271903abc962636e40d0922bc908ff1007dcae85c994
                    • Instruction Fuzzy Hash: 4AE1E03221964486DB08CF2AD45432E77A6FBADB88F504C26DF5947798EF3ACD81C712
                    Function 67886EB0 Relevance: 77.4, APIs: 34, Strings: 10, Instructions: 385COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: ErrorL_memcmp$Audio$BuildConvertL_callocL_freeL_mallocL_memcpyLoad
                    • String ID: Audio device hasn't been opened$Couldn't read first 4 bytes of audio data$Crea$FORM$Mix_LoadWAV_RW with NULL src$No audio data$Out of memory$RIFF$Unrecognized audio format$WAVE
                    • API String ID: 417792382-3017720286
                    • Opcode ID: ebcdc5cf77ca2d24f3ac9c43a5676da713313d3b58285ee6d3de5b892a2d4997
                    • Instruction ID: c9de9c4a6c3e1b51fd8f31b5fec99ffeb3b55fab52be4e18a8c6b34ce32e701b
                    • Opcode Fuzzy Hash: ebcdc5cf77ca2d24f3ac9c43a5676da713313d3b58285ee6d3de5b892a2d4997
                    • Instruction Fuzzy Hash: 1BE1A132309B448AEB14CF6DD85432E63A5FBADB88F4449259F6A47B94EF39CC41CB41
                    Function 67894200 Relevance: 31.9, APIs: 16, Strings: 2, Instructions: 409COMMON
                    Download Yara Rule
                    APIs
                    • calloc.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,67894A57), ref: 67894220
                    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,67894A57), ref: 67894263
                    • calloc.MSVCRT ref: 67894321
                    • malloc.MSVCRT ref: 678943E7
                    • SDL_SetError.SDL2 ref: 678943FC
                    • free.MSVCRT ref: 67894418
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: callocfree$Errormalloc
                    • String ID: MThd$Out of memory
                    • API String ID: 1111589278-1728361875
                    • Opcode ID: 1cd61adb71117e34f42cd669d780b26d20527c19caf91d23e934ea8b52fbf1fc
                    • Instruction ID: d76558b6bd80ba282c012a86f8628a394dac88021bce613618626a976c4be92e
                    • Opcode Fuzzy Hash: 1cd61adb71117e34f42cd669d780b26d20527c19caf91d23e934ea8b52fbf1fc
                    • Instruction Fuzzy Hash: 08E1F37230678486EB048F5AA45076B67A1FBE9BC9F144835EFAD4BB55EB3DD840CB00
                    Function 6788C660 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 182COMMON
                    Download Yara Rule
                    APIs
                    • SDL_calloc.SDL2 ref: 6788C687
                    • SDL_memset.SDL2 ref: 6788C6E7
                    • SDL_free.SDL2 ref: 6788C7AB
                    • SDL_strdup.SDL2 ref: 6788C7C1
                    • SDL_strchr.SDL2 ref: 6788C7D1
                    • SDL_strcasecmp.SDL2 ref: 6788C7E8
                    • SDL_strcasecmp.SDL2 ref: 6788C7F7
                    • SDL_strtoull.SDL2 ref: 6788C80E
                    • SDL_strlen.SDL2 ref: 6788C856
                    • SDL_SetError.SDL2 ref: 6788C937
                    • SDL_free.SDL2 ref: 6788C941
                      • Part of subcall function 6788C540: SDL_memcpy.SDL2 ref: 6788C591
                      • Part of subcall function 6788C540: SDL_free.SDL2 ref: 6788C5A2
                      • Part of subcall function 6788C540: SDL_FreeAudioStream.SDL2 ref: 6788C5BE
                      • Part of subcall function 6788C540: SDL_NewAudioStream.SDL2 ref: 6788C5F5
                      • Part of subcall function 6788C540: SDL_malloc.SDL2 ref: 6788C619
                    • SDL_Error.SDL2 ref: 6788C952
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: L_free$AudioErrorL_strcasecmpStream$FreeL_callocL_mallocL_memcpyL_memsetL_strchrL_strdupL_strlenL_strtoull
                    • String ID: LOOPEND$LOOPLENGTH$LOOPSTART$Not an Ogg Vorbis audio stream
                    • API String ID: 432391984-1497601839
                    • Opcode ID: 21bdf80d3832a977e4dbc90b5702d29f3bc7f6b2c1bc182a074a86086a502f53
                    • Instruction ID: 4db0fdd6156ad6c7ee6b3baa5e78f61b9038f7abc8ae26322e7dc31776913be7
                    • Opcode Fuzzy Hash: 21bdf80d3832a977e4dbc90b5702d29f3bc7f6b2c1bc182a074a86086a502f53
                    • Instruction Fuzzy Hash: B7611532349B408AEB098F2DE90435A7269FB99B94F404B75DFAD47788EF38C9518741
                    Function 62E925B6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                    Download Yara Rule
                    APIs
                    • RtlCaptureContext.KERNEL32 ref: 62E925CA
                    • RtlLookupFunctionEntry.KERNEL32 ref: 62E925E1
                    • RtlVirtualUnwind.KERNEL32 ref: 62E9261F
                    • SetUnhandledExceptionFilter.KERNEL32 ref: 62E9267B
                    • UnhandledExceptionFilter.KERNEL32 ref: 62E92688
                    • GetCurrentProcess.KERNEL32 ref: 62E9268E
                    • TerminateProcess.KERNEL32 ref: 62E9269C
                    • abort.MSVCRT ref: 62E926A2
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                    • String ID:
                    • API String ID: 4278921479-0
                    • Opcode ID: 669cd68fe5e985a9d4a1e79e9051a6a7a2a070ba74b8f0ce93d1884096bf3e8c
                    • Instruction ID: cd9161d1f211651673fb50b37096ee6ec02e81ca05da223bd404b289846ad51b
                    • Opcode Fuzzy Hash: 669cd68fe5e985a9d4a1e79e9051a6a7a2a070ba74b8f0ce93d1884096bf3e8c
                    • Instruction Fuzzy Hash: A6211539E02F1095EB00AB66F85038933A6F758788F608137ED4D43B24EF3AC5A58740
                    Function 67891AE0 Relevance: 11.0, APIs: 6, Strings: 1, Instructions: 470COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: data
                    • API String ID: 0-2918445923
                    • Opcode ID: ee09e67e7e1157a4f80ce325000cb414de4e09951d15a571678430ed2debc613
                    • Instruction ID: c6e2332b10d559b7c23de47e4eca2c99f137459ecc08a838c6267654d8a64da8
                    • Opcode Fuzzy Hash: ee09e67e7e1157a4f80ce325000cb414de4e09951d15a571678430ed2debc613
                    • Instruction Fuzzy Hash: 06022832B0964486EB15CF29D4007AAB764F7A9FCCF008936DF5A17B58EB79C982C740
                    Function 62E83510 Relevance: 5.4, APIs: 4, Instructions: 416COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ee367737586054b8c350f0bc5d12d78c7b3bb1bde405c0f267e98c589dc8dd5f
                    • Instruction ID: b733170c441d893c56e6c245ec3bd1b44b9d913032c731ace10e81ce0674a7a6
                    • Opcode Fuzzy Hash: ee367737586054b8c350f0bc5d12d78c7b3bb1bde405c0f267e98c589dc8dd5f
                    • Instruction Fuzzy Hash: 391222B6600A818BC714CF3AD465BDA37A1F758B8CF58813ADF898B708DB39D455CB50
                    Function 67889BF0 Relevance: 121.0, APIs: 37, Strings: 32, Instructions: 243filestringCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: L_strcasecmp$FileFromL_callocstrrchr
                    • String ID: 669$AMF$AMS$Couldn't open '%s'$DBM$DSM$FAR$FLAC$KAR$MAD$MDL$MED$MID$MIDI$MOD$MOL$MP3$MPEG$MPG$MTM$NST$OGG$OKT$OPUS$Out of memory$PTM$S3M$STM$ULT$UMX$WAV$WOW
                    • API String ID: 2770661273-911361207
                    • Opcode ID: 3a1f1b20f2aae0b620c48a7d1274537368c78dc319971ecede0b3bb9a7ea71e9
                    • Instruction ID: bcf32620ec078d7b6f6641ae02c70a90d9bab9379bd8afaec45feea51ef11ddc
                    • Opcode Fuzzy Hash: 3a1f1b20f2aae0b620c48a7d1274537368c78dc319971ecede0b3bb9a7ea71e9
                    • Instruction Fuzzy Hash: BB814A2138470254FF09DF2EED2CB7512565BAD7CAF8468358E1E8B294EF29CE44C791
                    Function 6788BA30 Relevance: 57.9, APIs: 17, Strings: 16, Instructions: 112COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Load$Function$Object
                    • String ID: libmpg123-0.dll$mpg123_close$mpg123_delete$mpg123_exit$mpg123_format$mpg123_format_none$mpg123_getformat$mpg123_init$mpg123_new$mpg123_open_handle$mpg123_plain_strerror$mpg123_rates$mpg123_read$mpg123_replace_reader_handle$mpg123_seek$mpg123_strerror
                    • API String ID: 669370744-3627390553
                    • Opcode ID: 8c256a041cb11824b399c8840477ff275a3673b06b6bb0d7b8fec5959141e9c6
                    • Instruction ID: 8255a1193f57017d9b9928496a208b16c6949e8ba3f38282e9393effb6b1c33e
                    • Opcode Fuzzy Hash: 8c256a041cb11824b399c8840477ff275a3673b06b6bb0d7b8fec5959141e9c6
                    • Instruction Fuzzy Hash: A1517E7429AB06C9EE09CB5DF8587E527636BB8358F800926961C4B374EF7ACC75CB40
                    Function 6788C980 Relevance: 36.8, APIs: 11, Strings: 10, Instructions: 76COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Load$Function$Object
                    • String ID: libvorbisfile-3.dll$ov_clear$ov_comment$ov_info$ov_open_callbacks$ov_pcm_seek$ov_pcm_tell$ov_pcm_total$ov_read$ov_time_seek
                    • API String ID: 669370744-2240780040
                    • Opcode ID: abcfae99e73ffcef2623e4ea23f4bd9871d48813b33a1962fbec690d850844d9
                    • Instruction ID: f6efc158ceb7d207a985ae0bcef7cdbf107f58abaa4b6c567b24fc3050ead037
                    • Opcode Fuzzy Hash: abcfae99e73ffcef2623e4ea23f4bd9871d48813b33a1962fbec690d850844d9
                    • Instruction Fuzzy Hash: CD31CF74299B0189EF05CB5DFC943A923976BB8348F804B66961D4B375EF7ACC748B40
                    Function 6788B6F0 Relevance: 29.8, APIs: 9, Strings: 8, Instructions: 64COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Load$Function$Object
                    • String ID: ModPlug_GetSettings$ModPlug_Load$ModPlug_Read$ModPlug_Seek$ModPlug_SetMasterVolume$ModPlug_SetSettings$ModPlug_Unload$libmodplug-1.dll
                    • API String ID: 669370744-1037378451
                    • Opcode ID: 92f5d6d1139f465bdbac4eded985193997a323ffa29db4dd061c1807f7c16c4c
                    • Instruction ID: 0101941e46be819310c6334d3f75fdc56eea137fd759baf7ef76df28a8d07bce
                    • Opcode Fuzzy Hash: 92f5d6d1139f465bdbac4eded985193997a323ffa29db4dd061c1807f7c16c4c
                    • Instruction Fuzzy Hash: E031B030656B02C5EE06DB1DEC543242752ABB935CF804926D61C47370EF3ACC748B80
                    Function 62E870D0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 227COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: freemalloc$_wopen
                    • String ID: <fd:%d>
                    • API String ID: 2186332492-558891604
                    • Opcode ID: f03e5923769722364ed8ac5c46693a5a7342e8f9761791d4698c87e82ced876b
                    • Instruction ID: 32c34178d44741f92b6e625600e59d5d23604cb418a9652486d791e28fe12db1
                    • Opcode Fuzzy Hash: f03e5923769722364ed8ac5c46693a5a7342e8f9761791d4698c87e82ced876b
                    • Instruction Fuzzy Hash: BC71D276B41A408AEB14CE39987439D3791E7427ACF248639EDAD4F788DB3CC585C381
                    Function 6788D260 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 58COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Load$Function$Object
                    • String ID: libopusfile-0.dll$op_free$op_head$op_open_callbacks$op_pcm_seek$op_read$op_seekable
                    • API String ID: 669370744-2222010361
                    • Opcode ID: fd13416dce53bc22dbf29e92f69b495d1705bd99fd1cd5047e018ec467306817
                    • Instruction ID: 90739ed9212df4542442079dd6f7423c4cc4ebab4ac8702459ffb16abb6da037
                    • Opcode Fuzzy Hash: fd13416dce53bc22dbf29e92f69b495d1705bd99fd1cd5047e018ec467306817
                    • Instruction Fuzzy Hash: 6A21817024AB0199EE09CF1DF85437823A66BBD75CF944926A61C473A0EF3EDC759B10
                    Function 62E87EF0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 169COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: freemalloc$_readmemcpy
                    • String ID: 1.2.11$out of memory
                    • API String ID: 40971297-1352906565
                    • Opcode ID: 794a8ee1d8cf104a1f9770f9816aefb9466565901adb7c207cc6e520a235a0dd
                    • Instruction ID: 346e2aaea0cc96b14f069dec9a5b878b53a57a563d7f7f21a3dedeb0f9323245
                    • Opcode Fuzzy Hash: 794a8ee1d8cf104a1f9770f9816aefb9466565901adb7c207cc6e520a235a0dd
                    • Instruction Fuzzy Hash: 93517C76B116148AE715CF3AD82075937A1E745FACF609239DEAC4B798DB3AC881C740
                    Function 62E87500 Relevance: 16.7, APIs: 11, Instructions: 163COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: freemalloc
                    • String ID:
                    • API String ID: 3061335427-0
                    • Opcode ID: 85588bfe33cb50f3c3e9560f0dda6b7cc6b5bf2616dce4d95876cfef0f153718
                    • Instruction ID: f952b18bac02f399f6e1c3d5cea7df0be94acdda7918e8db8b7b254dd14e8590
                    • Opcode Fuzzy Hash: 85588bfe33cb50f3c3e9560f0dda6b7cc6b5bf2616dce4d95876cfef0f153718
                    • Instruction Fuzzy Hash: FE51CE7A7056008AEB158F39D56436D3B91E742B5CF648239DA6C4E7C8EB3EC585C780
                    Function 62E86A90 Relevance: 16.6, APIs: 11, Instructions: 146COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: free$_close
                    • String ID:
                    • API String ID: 3165389682-0
                    • Opcode ID: 53288b26e1dbdcc7018ae6fc46242f35be52861488d964b471d55169c69a5f30
                    • Instruction ID: 7e12b61f011d315439c44055fe11807a0e08752fab85dc4e0ebc30a6e9af15b9
                    • Opcode Fuzzy Hash: 53288b26e1dbdcc7018ae6fc46242f35be52861488d964b471d55169c69a5f30
                    • Instruction Fuzzy Hash: AD419033B5451086DB14DE3AD8706692360AB85BAC735D336EDAE9B3D4DB2CCC42C781
                    Function 67886710 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 196COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • Unrecognized file type (not VOC), xrefs: 678869C0
                    • VOC data had no sound!, xrefs: 678869D1
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: L_mallocL_memset
                    • String ID: Unrecognized file type (not VOC)$VOC data had no sound!
                    • API String ID: 4214098910-2890471074
                    • Opcode ID: 75001832de2fd17bc4f802e2701cee00314390896d7a5fc8aa0960bc86f61b6f
                    • Instruction ID: c52e8f684c901183c8d10f367646d2ff1a3816e9b986c112aa3cd42312116b71
                    • Opcode Fuzzy Hash: 75001832de2fd17bc4f802e2701cee00314390896d7a5fc8aa0960bc86f61b6f
                    • Instruction Fuzzy Hash: D061E83632578086DB148F2AD80471A7761FBADBD8F548924DF994BB89EF3DC944CB40
                    Function 678887F0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 83COMMON
                    Download Yara Rule
                    APIs
                    • SDL_malloc.SDL2(?,00000001,00000000,?,67884BBB), ref: 67888844
                    • SDL_SetError.SDL2(?,00000001,00000000,?,67884BBB), ref: 67888897
                    • SDL_SetError.SDL2(?,00000001,00000000,?,67884BBB), ref: 678888C7
                    • SDL_SetError.SDL2(?,00000001,00000000,?,67884BBB), ref: 678888F8
                    • SDL_SetError.SDL2(?,00000001,00000000,?,67884BBB), ref: 67888908
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error$L_malloc
                    • String ID: Internal error$Invalid channel number$NULL effect callback$Out of memory
                    • API String ID: 1434575867-1081786704
                    • Opcode ID: 14453033132b8d28fb19496d3c451c75dadbdbe7a51de481a27bde3b92904fe6
                    • Instruction ID: 9e66a91ff7844942ffa656f9119cc1d74502a212ba99691e0c6888d017f6bcc1
                    • Opcode Fuzzy Hash: 14453033132b8d28fb19496d3c451c75dadbdbe7a51de481a27bde3b92904fe6
                    • Instruction Fuzzy Hash: 7421B67375660599FA0A9F2CEC403A82255A7BC7A9F984C349F0D87390EB39CDE1C310
                    Function 6788BF60 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 128COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: AudioStream$ErrorFlush
                    • String ID: mpg123_getformat: %s$mpg123_read: %s
                    • API String ID: 842372658-488187233
                    • Opcode ID: b8d3ee4382ed9f09b89188665445d10e153522ed37fb1ee6d2368ccbd23b8a63
                    • Instruction ID: 16319da0f2fbd5df2850828d62fc004b5710a001fe5f037448b3d027be50f504
                    • Opcode Fuzzy Hash: b8d3ee4382ed9f09b89188665445d10e153522ed37fb1ee6d2368ccbd23b8a63
                    • Instruction Fuzzy Hash: DC418F32704A4986DB108F39E85036D37A1E7A9BA8F544B22DF6987398DF39CC818B41
                    Function 62E86DD0 Relevance: 13.6, APIs: 9, Instructions: 147COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: freemalloc
                    • String ID:
                    • API String ID: 3061335427-0
                    • Opcode ID: 6dd54ecc9b3cc9ec9082bc0c2d8f6cb2b0a57e9e3756c51ef39b7c722e8bd509
                    • Instruction ID: faa08318df7146f1624fa011c84016a3d3a13195dc848444693ea33c8f610fad
                    • Opcode Fuzzy Hash: 6dd54ecc9b3cc9ec9082bc0c2d8f6cb2b0a57e9e3756c51ef39b7c722e8bd509
                    • Instruction Fuzzy Hash: 425180B275560186EB048F39D57435D3BA1E745B9CF208239DE9D4B388EB3DCA86C780
                    Function 6788AE00 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 146COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • FLAC decoder doesn't support %d bits_per_sample, xrefs: 6788AE3F
                    • Couldn't allocate %d bytes stack memory, xrefs: 6788AFFF
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: AudioErrorL_freeL_mallocStream
                    • String ID: Couldn't allocate %d bytes stack memory$FLAC decoder doesn't support %d bits_per_sample
                    • API String ID: 1260482519-1396303032
                    • Opcode ID: 628e7faf06933f2ef57e11a221626f29765ac4a903f4b14aaefb890f446271b8
                    • Instruction ID: 8719544f2c9f38b72f0642bac846fda12e54590863a483774169da404dc5eb38
                    • Opcode Fuzzy Hash: 628e7faf06933f2ef57e11a221626f29765ac4a903f4b14aaefb890f446271b8
                    • Instruction Fuzzy Hash: B941007362469597D704CE29D940B6D3396EB39788F418E26DF09877D0EB39EC85C302
                    Function 62E881A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 133COMMON
                    Download Yara Rule
                    Strings
                    • internal error: inflate stream corrupt, xrefs: 62E882C5
                    • unexpected end of file, xrefs: 62E88225
                    • compressed data error, xrefs: 62E88307
                    • out of memory, xrefs: 62E882E2
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID:
                    • String ID: compressed data error$internal error: inflate stream corrupt$out of memory$unexpected end of file
                    • API String ID: 0-895915629
                    • Opcode ID: c07508fe93e2d1019cd9dd88cdb8a98b6d4e61f08e38a02fc8d0f25165b93561
                    • Instruction ID: a022ce379276d5af19ea58f9253f17220beb3ad44b6538ed2fc71ff5c7911ab1
                    • Opcode Fuzzy Hash: c07508fe93e2d1019cd9dd88cdb8a98b6d4e61f08e38a02fc8d0f25165b93561
                    • Instruction Fuzzy Hash: 34413D72700A0486D714CF79986075A33A2B785BACF74D3369DAC4B398DF39C9468791
                    Function 6788B590 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error$AudioL_callocL_freeL_mallocStream
                    • String ID: ModPlug_Load failed
                    • API String ID: 291637187-783326602
                    • Opcode ID: 001160fcd427015fd9702ece2cdcba634659005d789e15445cb4bcb701d321a0
                    • Instruction ID: 54a53cfdffd50f80f1ef3482cfee991773d0d7fbaee3abeeb9b7310b6cf15162
                    • Opcode Fuzzy Hash: 001160fcd427015fd9702ece2cdcba634659005d789e15445cb4bcb701d321a0
                    • Instruction Fuzzy Hash: C331B332349744CAEB1ACF2D941432D6A91ABADB89F484839DF4E07794EF39DD90CB40
                    Function 6788AA00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 69stringCOMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 6788A950: SDL_getenv.SDL2 ref: 6788A95C
                      • Part of subcall function 6788A950: SDL_GetHintBoolean.SDL2 ref: 6788A96D
                    • SDL_strdup.SDL2 ref: 6788AA1D
                    • strtok.MSVCRT ref: 6788AA63
                    • SDL_free.SDL2 ref: 6788AA78
                    • SDL_SetError.SDL2 ref: 6788AA99
                    • SDL_SetError.SDL2 ref: 6788AAB9
                    Strings
                    • No SoundFonts have been requested, xrefs: 6788AA90
                    • Insufficient memory to iterate over SoundFonts, xrefs: 6788AAB0
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error$BooleanHintL_freeL_getenvL_strdupstrtok
                    • String ID: Insufficient memory to iterate over SoundFonts$No SoundFonts have been requested
                    • API String ID: 3847849284-2597955508
                    • Opcode ID: 3f5cc5291001ce18fc7a088d700ca2390940d62dace783eb41e3dc483c04734e
                    • Instruction ID: 1a8d8bd2d96bdf73d4a7333ef957a97c97acc9f538e06bb18c393c82c9ff0f12
                    • Opcode Fuzzy Hash: 3f5cc5291001ce18fc7a088d700ca2390940d62dace783eb41e3dc483c04734e
                    • Instruction Fuzzy Hash: E901822334730149ED069BAE6D842B942415B6D7E6F8859799F1E0A3C0EE3DCCC9C751
                    Function 62E86AD0 Relevance: 12.1, APIs: 8, Instructions: 147COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: freemalloc
                    • String ID:
                    • API String ID: 3061335427-0
                    • Opcode ID: 8591c4166f04cd7223bf53badd9c6685c9994b16c0141d03ac727ab8bb33184c
                    • Instruction ID: 5a0ea6bb4b726fd94d8bcf52ebbba3f4d77f3ca64c543539b3305a5473e10242
                    • Opcode Fuzzy Hash: 8591c4166f04cd7223bf53badd9c6685c9994b16c0141d03ac727ab8bb33184c
                    • Instruction Fuzzy Hash: 6751B1B261560186EB049F39D57436D3BA1E745B9CF208239CA9D4B388EB3DC986C780
                    Function 62E82E80 Relevance: 11.7, APIs: 9, Instructions: 438COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: memcpy
                    • String ID:
                    • API String ID: 3510742995-0
                    • Opcode ID: a0ea90ea25654dff8d36670da0a77f2f66b4cc183196aefea7f898e77ceebbf7
                    • Instruction ID: 6058432fb27faaa9689db917d0a731eaa8f3424c8034f9f524c3007879f571ab
                    • Opcode Fuzzy Hash: a0ea90ea25654dff8d36670da0a77f2f66b4cc183196aefea7f898e77ceebbf7
                    • Instruction Fuzzy Hash: 26F1A277A106908BC711CF3AC460A9D37A1F788F8CB659536DE9D9BB08DB39C941CB81
                    Function 62E92D1B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: signal
                    • String ID: CCG
                    • API String ID: 1946981877-1584390748
                    • Opcode ID: ea5fdb0143b018d8f050132cebeb5491fe9ba209e7c184e33e2205ed144b43e9
                    • Instruction ID: 076da1c7bb28a28d61cf39990cb139d2637b1a7c037b94289ce86a087773d55f
                    • Opcode Fuzzy Hash: ea5fdb0143b018d8f050132cebeb5491fe9ba209e7c184e33e2205ed144b43e9
                    • Instruction Fuzzy Hash: C031A230F8534146FF1B91BD44F03A911099BAA32CF35DA3B8D6987F95CE5A8DC68202
                    Function 6789577B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: signal
                    • String ID: CCG
                    • API String ID: 1946981877-1584390748
                    • Opcode ID: 56d8fa4756d6cea9dd1d17c5167775315ac85dccb38f5df70656fd00e2b3d159
                    • Instruction ID: 83c22144c5c68ea4110f23598f741c9e01260f47345ff5dfdd2cf75bd24a176b
                    • Opcode Fuzzy Hash: 56d8fa4756d6cea9dd1d17c5167775315ac85dccb38f5df70656fd00e2b3d159
                    • Instruction Fuzzy Hash: FD31A23074530889FF19696D88A032BD1159BBE36BF118D3B8A2DA73E5DA58CDC98313
                    Function 62E9279C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87memoryCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • VirtualProtect failed with code 0x%x, xrefs: 62E927A1, 62E928B6
                    • Address %p has no image-section, xrefs: 62E927FD
                    • VirtualQuery failed for %d bytes at address %p, xrefs: 62E9285F
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: Virtual$ErrorLastProtectQuery
                    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                    • API String ID: 637304234-2123141913
                    • Opcode ID: 821918b5b530f73bdcd2470b47aceb3cba14cecf0e229865d835daf72bb3d81f
                    • Instruction ID: 3351cf8736089e5de21b59273d7c5207373b304d44b5ca7c5f13db12097b62cd
                    • Opcode Fuzzy Hash: 821918b5b530f73bdcd2470b47aceb3cba14cecf0e229865d835daf72bb3d81f
                    • Instruction Fuzzy Hash: 3B31AD7AF01A0086EF14DF21E8607592762F7A8B98F64813BED0C477A4DB3EC595C300
                    Function 67886320 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 74COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • VOC with unknown data size, xrefs: 6788639A
                    • VOC sample rate codes differ, xrefs: 6788665A
                    • VOC Sample rate is zero?, xrefs: 6788663C
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: VOC Sample rate is zero?$VOC sample rate codes differ$VOC with unknown data size
                    • API String ID: 2619118453-4168826635
                    • Opcode ID: a9d70c1523b12c11cb22d8dc1015319d45a7f97648d3aeb323eabe0cc94c0cb4
                    • Instruction ID: 55caa3d364b3210abaad22afb6e24d0172445871062698f5b3129e9858b3e600
                    • Opcode Fuzzy Hash: a9d70c1523b12c11cb22d8dc1015319d45a7f97648d3aeb323eabe0cc94c0cb4
                    • Instruction Fuzzy Hash: D021C2723292408ADB10CF29E54479C27A5F369798F804C25DF6587AC1FB7ADAD6CB00
                    Function 62E88E80 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 70COMMON
                    Download Yara Rule
                    APIs
                    • malloc.MSVCRT(?,?,?,?,?,?,?,62E892D5), ref: 62E88E90
                    • malloc.MSVCRT(?,?,?,?,?,?,?,62E892D5), ref: 62E88EC2
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: malloc
                    • String ID: 1.2.11$X$out of memory
                    • API String ID: 2803490479-3117843206
                    • Opcode ID: 426f91da6e627d99b416274e9e995b5529c257d4131b6ac83730ea62e5a0ac7d
                    • Instruction ID: 24dcb26c5a46367f903b5f5ae8f79998304f09b7ceac66e12d5503b993265b8d
                    • Opcode Fuzzy Hash: 426f91da6e627d99b416274e9e995b5529c257d4131b6ac83730ea62e5a0ac7d
                    • Instruction Fuzzy Hash: 90215A72610B448AE740CF39E85035E37A1FB85B9CF649239EE9D9B358EB39C885C740
                    Function 67889730 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 70COMMON
                    Download Yara Rule
                    APIs
                    • SDL_snprintf.SDL2(?,?,?,?,?,?,?,?,?,?,?,?,67886CFA), ref: 6788979A
                    • SDL_GetHintBoolean.SDL2(?,?,?,?,?,?,?,?,?,?,?,?,67886CFA), ref: 678897A4
                    Strings
                    • SDL_MIXER_DISABLE_%s, xrefs: 67889754
                    • Couldn't load %s: %s, xrefs: 678897F6
                    • SDL_MIXER_DEBUG_MUSIC_INTERFACES, xrefs: 6788975B
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: BooleanHintL_snprintf
                    • String ID: Couldn't load %s: %s$SDL_MIXER_DEBUG_MUSIC_INTERFACES$SDL_MIXER_DISABLE_%s
                    • API String ID: 2839853463-1199014118
                    • Opcode ID: 2bda8daebfd7dcc6b39e38d433e299606b473b9369a5359a53db48a0ef291119
                    • Instruction ID: 998e2545843e8b81a8818630dcfa863a45737c748a8788634c15f4b3c5de361f
                    • Opcode Fuzzy Hash: 2bda8daebfd7dcc6b39e38d433e299606b473b9369a5359a53db48a0ef291119
                    • Instruction Fuzzy Hash: B811B137345606A5EB10DF2EBC0075A6361BB6C788F8888228F5E83240EF39CD46C700
                    Function 678863B0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • VOC decoder only interprets 8-bit data, xrefs: 67886675
                    • VOC sample rate codes differ, xrefs: 6788665A
                    • VOC Sample rate is zero?, xrefs: 6788663C
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: VOC Sample rate is zero?$VOC decoder only interprets 8-bit data$VOC sample rate codes differ
                    • API String ID: 2619118453-2745385038
                    • Opcode ID: b4594fa46df76bf7b91ad9006eef8b71c49345d37be17c541356b83995433840
                    • Instruction ID: 8c52f7e05b677eef9fd907a134d7c3f2d9db861d6c643628765b79c48e189c46
                    • Opcode Fuzzy Hash: b4594fa46df76bf7b91ad9006eef8b71c49345d37be17c541356b83995433840
                    • Instruction Fuzzy Hash: 1321F6723282518ED311CF39D51435A67A1F3A979CF408A25CE59C7AC6FB7AC9D6CB00
                    Function 62E87E10 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 65stringCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: strlen$freemalloc
                    • String ID: %s%s%s
                    • API String ID: 1282205974-3094730333
                    • Opcode ID: f4f726387b7d0ac42d814fdebca4e10d95658b86df557e99fafde7eecab516cb
                    • Instruction ID: ae60bdc93d0e6f12eafdde9974a5458c9715b49dcb657806d27e89cc35d9d47f
                    • Opcode Fuzzy Hash: f4f726387b7d0ac42d814fdebca4e10d95658b86df557e99fafde7eecab516cb
                    • Instruction Fuzzy Hash: 7D118437B42B1084DA119B25E92039D67549785BECF68933ADEBD1F7A4DB38CA86C340
                    Function 6788D6F0 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 31COMMON
                    Download Yara Rule
                    APIs
                    • SDL_getenv.SDL2 ref: 67893B9C
                      • Part of subcall function 6788E2D0: malloc.MSVCRT(00000000,?,?,67893BB0), ref: 6788E2DF
                      • Part of subcall function 6788E2D0: strlen.MSVCRT ref: 6788E2EF
                      • Part of subcall function 6788E2D0: malloc.MSVCRT(00000000,?,?,67893BB0), ref: 6788E2FB
                      • Part of subcall function 6788E2D0: memcpy.MSVCRT ref: 6788E311
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: malloc$L_getenvmemcpystrlen
                    • String ID: /etc/timidity.cfg$/etc/timidity/freepats.cfg$C:\TIMIDITY$TIMIDITY_CFG$timidity.cfg
                    • API String ID: 3100911805-2663940341
                    • Opcode ID: 37acba29f81e67d55681c7f9cfc3d836de69371f5d11d31c7b13cac11eae8ba1
                    • Instruction ID: 7b40f220b834779bc97ec5f57b26f96d7d7347f75b5a1163ce93e7d03cb96977
                    • Opcode Fuzzy Hash: 37acba29f81e67d55681c7f9cfc3d836de69371f5d11d31c7b13cac11eae8ba1
                    • Instruction Fuzzy Hash: 6BF0F821798505E4FA10D77E9C657B9266A5FBD348F880C31AB0EC2970FF2DCD688A11
                    Function 62E81047 Relevance: 9.1, APIs: 6, Instructions: 121sleepCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: Sleep_amsg_exit_initterm
                    • String ID:
                    • API String ID: 1554918350-0
                    • Opcode ID: 979ba3d7248e26354d330906b5ec429826d21977a22013ac4a554375e50a5a33
                    • Instruction ID: 947d1609e53718353eee2f09ccb33c72466d4d875ee487bc112e70c922fbd185
                    • Opcode Fuzzy Hash: 979ba3d7248e26354d330906b5ec429826d21977a22013ac4a554375e50a5a33
                    • Instruction Fuzzy Hash: 6C415135B15A84C5EB01DB66EC6036923A6B789B8CF24C436DDAD9B354EF3EC491C311
                    Function 62E88FA0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133stringCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • internal error: deflate stream corrupt, xrefs: 62E89155
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: _errno_writestrerror
                    • String ID: internal error: deflate stream corrupt
                    • API String ID: 3682106801-3609297558
                    • Opcode ID: bb8720d85b55933c085cafbc4548f9cb141e0b2ce8a29054898ed8f61f491936
                    • Instruction ID: ac363b4b10ec9667d5cdc17c26a8c450aa735f4437c8afb9bcc2dabffd83a02a
                    • Opcode Fuzzy Hash: bb8720d85b55933c085cafbc4548f9cb141e0b2ce8a29054898ed8f61f491936
                    • Instruction Fuzzy Hash: D441B272B05A4486C7048E7AD86075A33A2F705BACF74D23ACEAD8B354DF39C882C751
                    Function 6788CB50 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                    Download Yara Rule
                    APIs
                    • SDL_AudioStreamGet.SDL2 ref: 6788CB65
                      • Part of subcall function 6788C540: SDL_memcpy.SDL2 ref: 6788C591
                      • Part of subcall function 6788C540: SDL_free.SDL2 ref: 6788C5A2
                      • Part of subcall function 6788C540: SDL_FreeAudioStream.SDL2 ref: 6788C5BE
                      • Part of subcall function 6788C540: SDL_NewAudioStream.SDL2 ref: 6788C5F5
                      • Part of subcall function 6788C540: SDL_malloc.SDL2 ref: 6788C619
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: AudioStream$FreeL_freeL_mallocL_memcpy
                    • String ID: ov_pcm_seek$ov_read
                    • API String ID: 3719101117-1696883351
                    • Opcode ID: 9c03b28f94b5a77d3dbd86de00eecf0b2d0a1a1ec19d135f31ac3529f440d4ca
                    • Instruction ID: c1d059ef15b7e0148719462ec0db755c66191a5fd79e4dd0d12a6b8776b19afc
                    • Opcode Fuzzy Hash: 9c03b28f94b5a77d3dbd86de00eecf0b2d0a1a1ec19d135f31ac3529f440d4ca
                    • Instruction Fuzzy Hash: F34160337446848AD702CF39A84435937A6A7A9BBCF585771AF598B389EF34C9808B50
                    Function 62E89180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106stringCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • internal error: deflate stream corrupt, xrefs: 62E892E5
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: _write$_errnostrerror
                    • String ID: internal error: deflate stream corrupt
                    • API String ID: 2119721117-3609297558
                    • Opcode ID: 513e57e04726ad414df4d27bd28734df8279481ef2c1ece0bfc4714d37a32271
                    • Instruction ID: 14dc56d6ac5a6ab4693b1c9447c91f242dc3ab9d56bb08d172571701b343307f
                    • Opcode Fuzzy Hash: 513e57e04726ad414df4d27bd28734df8279481ef2c1ece0bfc4714d37a32271
                    • Instruction Fuzzy Hash: 883193B6B0474486D7008EBAE46075933A1F745BACF64D239DE9C8B788EF38C892C751
                    Function 678875A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error$L_malloc
                    • String ID: Audio device hasn't been opened$Out of memory
                    • API String ID: 1434575867-1723620761
                    • Opcode ID: 87e9189a0ae03b214c2dfdee1364017301a1b588a4f6612bc570a7ae64604e76
                    • Instruction ID: 32dbf333fdde6a77198e01387fd331eb90a234a25bcb2aac0307c32ed444dd2b
                    • Opcode Fuzzy Hash: 87e9189a0ae03b214c2dfdee1364017301a1b588a4f6612bc570a7ae64604e76
                    • Instruction Fuzzy Hash: 70F0F03330930185FB058B9DB8443691A60A7AC7A4F8846349E28873D0DF38CCC2CB40
                    Function 62E92AF0 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: signal
                    • String ID:
                    • API String ID: 1946981877-0
                    • Opcode ID: b5b8be01eccf86187537139b9746edfbee8b17a60ab705d52b0675b56f5dd5b4
                    • Instruction ID: 77d6b9b83bd5968c65cc6448bc758dcebf5d134e6d2bd153e77664c560fe6929
                    • Opcode Fuzzy Hash: b5b8be01eccf86187537139b9746edfbee8b17a60ab705d52b0675b56f5dd5b4
                    • Instruction Fuzzy Hash: 06216F30F497054AFF0499B488B03E9119297EA31CF31DC3B8E298BB95ED9D89C6C242
                    Function 62E92500 Relevance: 7.5, APIs: 5, Instructions: 47timethreadCOMMON
                    Download Yara Rule
                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32 ref: 62E9253A
                    • GetCurrentProcessId.KERNEL32 ref: 62E92545
                    • GetCurrentThreadId.KERNEL32 ref: 62E9254E
                    • GetTickCount.KERNEL32 ref: 62E92556
                    • QueryPerformanceCounter.KERNEL32 ref: 62E92563
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                    • String ID:
                    • API String ID: 1445889803-0
                    • Opcode ID: 8a3aa39af34bd83d498457eb518cf7d702a0c5c3c1e17ffd097b0c30963d610f
                    • Instruction ID: 12fdd94fb870d1c5170227d2c197b2d3127d8602a99b24bc8e823bb6fb0cf98a
                    • Opcode Fuzzy Hash: 8a3aa39af34bd83d498457eb518cf7d702a0c5c3c1e17ffd097b0c30963d610f
                    • Instruction Fuzzy Hash: D411612AB56F0582EB208B65F914315B3A1B7497E4F005632DD9C43BA4EB3EC5A68740
                    Function 67894F60 Relevance: 7.5, APIs: 5, Instructions: 47timethreadCOMMON
                    Download Yara Rule
                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32 ref: 67894F9A
                    • GetCurrentProcessId.KERNEL32 ref: 67894FA5
                    • GetCurrentThreadId.KERNEL32 ref: 67894FAE
                    • GetTickCount.KERNEL32 ref: 67894FB6
                    • QueryPerformanceCounter.KERNEL32 ref: 67894FC3
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                    • String ID:
                    • API String ID: 1445889803-0
                    • Opcode ID: 77523f7cdf7f4c6b7bf80d80b82fd5363d1bc57e7bfc67db59c49928c3a776f5
                    • Instruction ID: 57210a6af2f543cb76f890cc569b3674aa1be5df1924b16191a66a8239fe32e9
                    • Opcode Fuzzy Hash: 77523f7cdf7f4c6b7bf80d80b82fd5363d1bc57e7bfc67db59c49928c3a776f5
                    • Instruction Fuzzy Hash: 5411652578EB044AEB608B65E908715B3A1F7487A4F005631DD9D83BA4EF3DCD9AC300
                    Function 6788D3D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86COMMON
                    Download Yara Rule
                    APIs
                    • SDL_AudioStreamGet.SDL2 ref: 6788D3E1
                    • SDL_AudioStreamPut.SDL2 ref: 6788D495
                      • Part of subcall function 6788D040: SDL_free.SDL2 ref: 6788D089
                      • Part of subcall function 6788D040: SDL_FreeAudioStream.SDL2 ref: 6788D09F
                      • Part of subcall function 6788D040: SDL_NewAudioStream.SDL2 ref: 6788D0D5
                      • Part of subcall function 6788D040: SDL_malloc.SDL2 ref: 6788D0F3
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: AudioStream$FreeL_freeL_malloc
                    • String ID: op_read
                    • API String ID: 3247158500-3907004626
                    • Opcode ID: 601a519c63b347aa13d2c3f94a2e0324144b152ca1e779d29205d805e1dd7dab
                    • Instruction ID: 920aaee19fac745a6aa45b2440e39bfa74f28e13c658b49c68034937db3fa574
                    • Opcode Fuzzy Hash: 601a519c63b347aa13d2c3f94a2e0324144b152ca1e779d29205d805e1dd7dab
                    • Instruction Fuzzy Hash: E92184737146418BE7208F7AF48065A73A0E76C7A8B544722DF6A87B94DB38E8458B10
                    Function 67885A60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • Trying to reverse stereo on a non-stereo stream, xrefs: 67885AF0
                    • Unsupported audio format, xrefs: 67885A99
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: Trying to reverse stereo on a non-stereo stream$Unsupported audio format
                    • API String ID: 2619118453-498337454
                    • Opcode ID: 219c4e90bb61088668908e48949ad6ececa74b07e5eedc56c0e5665423881f2a
                    • Instruction ID: d6a9f9911034f52492fc72fb73bd3d3d131d193a8906fa6d71d0219787e3ccfa
                    • Opcode Fuzzy Hash: 219c4e90bb61088668908e48949ad6ececa74b07e5eedc56c0e5665423881f2a
                    • Instruction Fuzzy Hash: 9301D673B5D21445CB616B2CFCC03D92351A3B8328FC54525DD4F4A5A5DA34CED6CA02
                    Function 678962E7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • Unknown error, xrefs: 67896304
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-3474627141
                    • Opcode ID: a2516d74c1e43a6468f0e7dd6345a5a07e3ce1519145aa6f4c0ee3eaed41a65e
                    • Instruction ID: e33c9b6ab7cb85fcc256228e8e403325eb2e89d2e66b8d2fd6b45e9c8522741f
                    • Opcode Fuzzy Hash: a2516d74c1e43a6468f0e7dd6345a5a07e3ce1519145aa6f4c0ee3eaed41a65e
                    • Instruction Fuzzy Hash: D3114C22908F88C6D6118F1CE4413EAB770FFAA759F605616EB8827624EF3AC556CB40
                    Function 6788A330 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • Position not implemented for music type, xrefs: 6788A3A0
                    • Music isn't playing, xrefs: 6788A3AE
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: Music isn't playing$Position not implemented for music type
                    • API String ID: 2619118453-3148022138
                    • Opcode ID: 882d0a9b163b2f5cdee3ed31bf598906a21608245b4d12efcbdf5ef2606aeaf2
                    • Instruction ID: f7efeebe928518f15bc242c584426b3e47482dcde939329a7e144a5f20841f99
                    • Opcode Fuzzy Hash: 882d0a9b163b2f5cdee3ed31bf598906a21608245b4d12efcbdf5ef2606aeaf2
                    • Instruction Fuzzy Hash: 34015A21749F8885EB118B2CD8853696361EBB9B98F445A11EE2C433F0DF29CCA68701
                    Function 6789632D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • Overflow range error (OVERFLOW), xrefs: 6789632D
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-4064033741
                    • Opcode ID: a9ba6567978fcfaddee002b20ad84f02a1583db808122c8f01a49e0dc82286f9
                    • Instruction ID: 098b095b30722c65fa645766d392be86c563c3a4bff6c756c18369d35b9ffb41
                    • Opcode Fuzzy Hash: a9ba6567978fcfaddee002b20ad84f02a1583db808122c8f01a49e0dc82286f9
                    • Instruction Fuzzy Hash: 23F0F626508F88C2C211CF1CA4002AAB774FBAE789F605702EBC827924DF39C556DB40
                    Function 67896324 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • Argument singularity (SIGN), xrefs: 67896324
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-2468659920
                    • Opcode ID: ba93968ec2c37df87724678201b7c5c2caf2d11b71fb85adb37a9dc9cc34e95d
                    • Instruction ID: 843f00960313cf381608a8b335530ee0bee8dcea9bc555e9edd7c9366288a820
                    • Opcode Fuzzy Hash: ba93968ec2c37df87724678201b7c5c2caf2d11b71fb85adb37a9dc9cc34e95d
                    • Instruction Fuzzy Hash: F2F01926408F88C2C211CF1CE4002AEB770FBAE789F605712EBC827928EF39C556DB40
                    Function 6789633F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • Total loss of significance (TLOSS), xrefs: 6789633F
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-4273532761
                    • Opcode ID: a3e723435dbb4941385ae8af2f3714fdc268e836e2a583608a1c477311b23758
                    • Instruction ID: 2f0d0635fd2c98af99edb09a6e87894e9aa5b5e33d1bb6e60d4d1d3f55e6b083
                    • Opcode Fuzzy Hash: a3e723435dbb4941385ae8af2f3714fdc268e836e2a583608a1c477311b23758
                    • Instruction Fuzzy Hash: 7FF0F626408F88C2C211CF1CA4002AAB770FBAE789F605702EBC827924DF39C556DB40
                    Function 67896336 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • Partial loss of significance (PLOSS), xrefs: 67896336
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-4283191376
                    • Opcode ID: f09297feafd06c8d46ba5572e4d866c520ecda172507176dd544e23870496537
                    • Instruction ID: ea2e578b24faf6f7114b8c196c3912e927b941fe4d83f75d3979a45eb19e82da
                    • Opcode Fuzzy Hash: f09297feafd06c8d46ba5572e4d866c520ecda172507176dd544e23870496537
                    • Instruction Fuzzy Hash: A5F0F626408F88C2C211CF1CA4002ABB770FBAE789F605706EBC82B924DF39C556DB40
                    Function 67896348 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • The result is too small to be represented (UNDERFLOW), xrefs: 67896348
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-2187435201
                    • Opcode ID: e370a80e0cbbc3c42564e29ef96f30e74c924f671de3be400e4782be29109723
                    • Instruction ID: 2e1e3c59cbae46b51695abc552143c952beef61974e27c9448a7ce9f157f2a4c
                    • Opcode Fuzzy Hash: e370a80e0cbbc3c42564e29ef96f30e74c924f671de3be400e4782be29109723
                    • Instruction Fuzzy Hash: 74F01926408F88C2C211CF1CE4002AEB770FBAE789F605702EBC827924DF39C556DB40
                    Function 67896351 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 67896396
                    • Argument domain error (DOMAIN), xrefs: 67896351
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: __iob_funcfprintf
                    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 620453056-2713391170
                    • Opcode ID: fedaad7704f0577014167e8a89761ab58e5074bc1b9f3b0540275088c3cd7b01
                    • Instruction ID: cadf1c99da8ec5cd5f3b2e53394da0fbe608f91e0bdc35e954fe900afad5d73f
                    • Opcode Fuzzy Hash: fedaad7704f0577014167e8a89761ab58e5074bc1b9f3b0540275088c3cd7b01
                    • Instruction Fuzzy Hash: A3F0C966404F88C6C211CF5CE4402AEB771FBAE789F605706EBC82B924DF39C556CB40
                    Function 67893FE0 Relevance: 6.3, APIs: 5, Instructions: 32COMMON
                    Download Yara Rule
                    APIs
                    • free.MSVCRT(?,?,?,6788D4F6), ref: 67894008
                    • free.MSVCRT(?,?,?,6788D4F6), ref: 67894019
                    • free.MSVCRT(?,?,?,6788D4F6), ref: 6789402E
                    • free.MSVCRT(?,?,?,6788D4F6), ref: 6789403A
                    • free.MSVCRT(?,?,?,6788D4F6), ref: 67894046
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: free
                    • String ID:
                    • API String ID: 1294909896-0
                    • Opcode ID: ba7a74ffb207099017ac0001e7998548f1963d0bebd629f85c7303bb23c1e2d3
                    • Instruction ID: 87c748b3ea80b69c97f81426e3fca667e24399e883dc9d93c2a42314deebe570
                    • Opcode Fuzzy Hash: ba7a74ffb207099017ac0001e7998548f1963d0bebd629f85c7303bb23c1e2d3
                    • Instruction Fuzzy Hash: 29F03A22B02549E2EE599B6ED9502AE5320FFECBD9F044931DF6E07616EF20D86187C1
                    Function 62E884E0 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: memcpy
                    • String ID:
                    • API String ID: 3510742995-0
                    • Opcode ID: a337c00ac799266e22fe686dab2b4152c3710cdccdf83cfbccf123c34a2a4068
                    • Instruction ID: fb929c2d6d7345470e3b66cd6c738da383a571e57ac5f61e83507c9824db6ae7
                    • Opcode Fuzzy Hash: a337c00ac799266e22fe686dab2b4152c3710cdccdf83cfbccf123c34a2a4068
                    • Instruction Fuzzy Hash: 5131F0327412588BD710DF3A982471A3392B745FECF64D2349E9C8B788EB79C841C780
                    Function 62E875D0 Relevance: 6.1, APIs: 4, Instructions: 84COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: mallocwcstombs$_wopenfree
                    • String ID:
                    • API String ID: 3371363923-0
                    • Opcode ID: acaedb836dcd87c03c5d300b9f1c62c912b6c3be86caadd35d237abdd47c7eac
                    • Instruction ID: d981803cedc404b084451862e68dad655a5112e4c3027c1ca2c1c08a9e8d3cce
                    • Opcode Fuzzy Hash: acaedb836dcd87c03c5d300b9f1c62c912b6c3be86caadd35d237abdd47c7eac
                    • Instruction Fuzzy Hash: 8621B17A7456008AEB048F38D57036D3791E781BADF248239DA7D4A7D8EB3DC686C740
                    Function 6788A740 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                    Download Yara Rule
                    APIs
                    • SDL_free.SDL2(?,?,00000000,?,67888BCA), ref: 6788A75A
                    • SDL_strlen.SDL2(?,?,00000000,?,67888BCA), ref: 6788A772
                    • SDL_malloc.SDL2(?,?,00000000,?,67888BCA), ref: 6788A77E
                    • SDL_memcpy.SDL2(?,?,00000000,?,67888BCA), ref: 6788A798
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: L_freeL_mallocL_memcpyL_strlen
                    • String ID:
                    • API String ID: 1042673672-0
                    • Opcode ID: 9fc2437cfc0a93737641d0ac74912a1360f8280e97b52d5115076b5c6df53d42
                    • Instruction ID: bac092fff7f87f43075f764b6782adc615e0401e5afd10bc712b3cde6f3e6761
                    • Opcode Fuzzy Hash: 9fc2437cfc0a93737641d0ac74912a1360f8280e97b52d5115076b5c6df53d42
                    • Instruction Fuzzy Hash: B2F0822174A71444ED09AB2E781C3A902585F7DB98F884D344F1E1B3C0DF2D8EE38B02
                    Function 62E928DC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualProtect.KERNEL32(?,?,?,62E94014,?,62E81236), ref: 62E92ADF
                    Strings
                    • Unknown pseudo relocation protocol version %d., xrefs: 62E929BC
                    • Unknown pseudo relocation bit size %d., xrefs: 62E929CD
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: ProtectVirtual
                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                    • API String ID: 544645111-395989641
                    • Opcode ID: c3495047c7dfe079f32da02cf2d028827685b64a26c80edbd98098e224428411
                    • Instruction ID: 5cb24638ff72fef4265eb8695a7421e65453c7b3108b1d1ec00a18fc4bdfcacb
                    • Opcode Fuzzy Hash: c3495047c7dfe079f32da02cf2d028827685b64a26c80edbd98098e224428411
                    • Instruction Fuzzy Hash: C7518E76F04A10DAFF208B35DAA07483762A765B98F24C137CD1817B98DB7EC592C715
                    Function 6789533C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualProtect.KERNEL32(?,?,?,67897544,?,67881236), ref: 6789553F
                    Strings
                    • Unknown pseudo relocation bit size %d., xrefs: 6789542D
                    • Unknown pseudo relocation protocol version %d., xrefs: 6789541C
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: ProtectVirtual
                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                    • API String ID: 544645111-395989641
                    • Opcode ID: 6354935c1c0db1b58c4611ac92660fe567dab7cfe6187ba25fa63dc82d1270b4
                    • Instruction ID: aec4bd169f3e2cc1f7edf5cc87593f8be7dfb87d66cee540f861ed664227bda2
                    • Opcode Fuzzy Hash: 6354935c1c0db1b58c4611ac92660fe567dab7cfe6187ba25fa63dc82d1270b4
                    • Instruction Fuzzy Hash: FC51C1B2B48704DAEB108F2DD98079C3762A769B5AF248921DE1D07BD8CB39CDD1CB01
                    Function 62E92740 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57memoryCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • VirtualProtect failed with code 0x%x, xrefs: 62E927A1
                    • Mingw-w64 runtime failure:, xrefs: 62E92766
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: Virtual$ErrorLastProtectQuery__iob_func
                    • String ID: VirtualProtect failed with code 0x%x$Mingw-w64 runtime failure:
                    • API String ID: 2722011080-2237286610
                    • Opcode ID: 01b1cdbaab5e193e9de57201c6b8783b69b4827079ad6b67029d69570931d15b
                    • Instruction ID: 1bd23c85004054c2b101f3de88615ef7effb59088a525bf695aeab99a1ea9c59
                    • Opcode Fuzzy Hash: 01b1cdbaab5e193e9de57201c6b8783b69b4827079ad6b67029d69570931d15b
                    • Instruction Fuzzy Hash: 4811E376B01B4095DB00DB51F8501D9BB62E7A5BE4F64903BAE8C0BB24DE39C895C710
                    Function 678951A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57memoryCOMMON
                    Download Yara Rule
                    APIs
                    Strings
                    • VirtualProtect failed with code 0x%x, xrefs: 67895201
                    • Mingw-w64 runtime failure:, xrefs: 678951C6
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Virtual$ErrorLastProtectQuery__iob_func
                    • String ID: VirtualProtect failed with code 0x%x$Mingw-w64 runtime failure:
                    • API String ID: 2722011080-2237286610
                    • Opcode ID: 37d782be01c6032ef5832dd449a759f6b25071b88f51308b81c426528031d8bd
                    • Instruction ID: ec876679522f2b0033f63c30b55221116ee53702e4c3ee6384d688bde8165184
                    • Opcode Fuzzy Hash: 37d782be01c6032ef5832dd449a759f6b25071b88f51308b81c426528031d8bd
                    • Instruction Fuzzy Hash: EE11C672315B44D5DA009B5EF88019DBB66E7ADBE4F444436AF8C07B24EF38C895CB40
                    Function 6788C390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_EVERSION
                    • API String ID: 2619118453-288362475
                    • Opcode ID: 0539b0ecad27ab424b0f7f04e94924e49e323b45580c22992a95b71a2c64b11c
                    • Instruction ID: 04c109673013996cd7500bd2da2f714861eaa3c551a16f1c595c51796e52240f
                    • Opcode Fuzzy Hash: 0539b0ecad27ab424b0f7f04e94924e49e323b45580c22992a95b71a2c64b11c
                    • Instruction Fuzzy Hash: 89C08CA174D50A98C800976CC80439862031738328F801312522C020E0BA29CDA98701
                    Function 6788C3B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_EBADHEADER
                    • API String ID: 2619118453-1413932590
                    • Opcode ID: 6a8163f0ce77656e32cbdb46074e9bf2330f8217c454b62cc8165a270331bc53
                    • Instruction ID: e7d4f04868eddb1956fcacae398753fe6f0de8a4c7f43802b11e1a6951f1343a
                    • Opcode Fuzzy Hash: 6a8163f0ce77656e32cbdb46074e9bf2330f8217c454b62cc8165a270331bc53
                    • Instruction Fuzzy Hash: CAC08CA174950A94C800976CC8043A4A3021735328F801712422C021E0BA29CD698700
                    Function 6788C3D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_ENOTVORBIS
                    • API String ID: 2619118453-785980373
                    • Opcode ID: 9b9bde4579815ec33e384b133dbe15dc58f5ef4eda95631aa44180daa814cb69
                    • Instruction ID: e969be975708f9cfb69145cd989bf121158c71439619256acc60d3e9935ca402
                    • Opcode Fuzzy Hash: 9b9bde4579815ec33e384b133dbe15dc58f5ef4eda95631aa44180daa814cb69
                    • Instruction Fuzzy Hash: 49C08CA174950A94C800A76CC80839462021738328F800353422C020E0BE29CDA98700
                    Function 6788C3F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_EINVAL
                    • API String ID: 2619118453-905753436
                    • Opcode ID: 0e8ed533a817e8ea32f4b545ce1e6037ce9f4990ffa269243feecaa5459f9cb2
                    • Instruction ID: 8a8d5b384bf8f0143811ada98ef802e15bffe7ab1cf32ee852853be8a265a26b
                    • Opcode Fuzzy Hash: 0e8ed533a817e8ea32f4b545ce1e6037ce9f4990ffa269243feecaa5459f9cb2
                    • Instruction Fuzzy Hash: B1C08CA174950A98C800976CC814394621217343A8F800323922C420E0BA29CE698700
                    Function 6788C315 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_ENOSEEK
                    • API String ID: 2619118453-2425646166
                    • Opcode ID: a6288b07c0c5498fc3f4f41241640384e02545c3e0b531cb7e18e4493ae091c2
                    • Instruction ID: 15d507ed642df053d19a0bf58e91a6b732f7807d6fbd53edcd34c91e4d81cad5
                    • Opcode Fuzzy Hash: a6288b07c0c5498fc3f4f41241640384e02545c3e0b531cb7e18e4493ae091c2
                    • Instruction Fuzzy Hash: DFC08CB174954A98D800976CC80439462021738328F800312422C021E0BA2ACD698700
                    Function 6788C330 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_EBADLINK
                    • API String ID: 2619118453-2543523077
                    • Opcode ID: e4401822aba6d6555052197863a6f538bd8a63ddd8f85bd52654a500f109563d
                    • Instruction ID: 01bf707ad94a8f48aba39dc4794a87ef1091f3146fbd32132cea5f7c7f335cce
                    • Opcode Fuzzy Hash: e4401822aba6d6555052197863a6f538bd8a63ddd8f85bd52654a500f109563d
                    • Instruction Fuzzy Hash: 75C08CA174950A94C900976CC80439463021734328F840312422D020E0FA29CDA98700
                    Function 6788C350 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_EBADPACKET
                    • API String ID: 2619118453-108391067
                    • Opcode ID: 5bc89c6efd86294a7e68b23d68fcf616c41dcdedcbc1f29fc0540a32209779c4
                    • Instruction ID: eafa2ba01613975139ad9ad734c69f901748c764e9cdc4062a13b4bc82ef6ebc
                    • Opcode Fuzzy Hash: 5bc89c6efd86294a7e68b23d68fcf616c41dcdedcbc1f29fc0540a32209779c4
                    • Instruction Fuzzy Hash: 64C08CA174990A98D800976CC80439462025734328F840312422C020E0BA29CD6A8700
                    Function 6788C370 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_ENOTAUDIO
                    • API String ID: 2619118453-2636413789
                    • Opcode ID: c0ce5f34909195e50800270ad7bc6c92afc8c28d59e3e94a56583eb7e793769d
                    • Instruction ID: e5a59d892ae29892738044a71007536e289b051927ae0e20754895c43a9166ce
                    • Opcode Fuzzy Hash: c0ce5f34909195e50800270ad7bc6c92afc8c28d59e3e94a56583eb7e793769d
                    • Instruction Fuzzy Hash: 6AC08CA178950A98C800A76CC80439462022B34328FC01312522C024E0FE2ACD698700
                    Function 6788CE80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EVERSION
                    • API String ID: 2619118453-472809388
                    • Opcode ID: f2ffa931720d7f1b1ccac92c3f34377aad2770351be090fa2f9cff228a86b29a
                    • Instruction ID: 6a94f71353f5f6855e392e6b2eab021b81772b33f2d678b6514706cd9cbbe9e7
                    • Opcode Fuzzy Hash: f2ffa931720d7f1b1ccac92c3f34377aad2770351be090fa2f9cff228a86b29a
                    • Instruction Fuzzy Hash: 82C08CA0A8D50899CC009BAD8C083D8220117A9328FC00352423C020E49A298DA98600
                    Function 6788CEA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EBADHEADER
                    • API String ID: 2619118453-3145417678
                    • Opcode ID: 5759e6d1ab49eb1e78d3174dc17e493cf9895adb141589047525c1696c362898
                    • Instruction ID: 894178162794aaa9eafe4c8b7bb582b52939d2bc05f285d841eac4375821a86a
                    • Opcode Fuzzy Hash: 5759e6d1ab49eb1e78d3174dc17e493cf9895adb141589047525c1696c362898
                    • Instruction Fuzzy Hash: 1BC08CA0B8950899C810976C8C083D8220117A5328F800392423C020E4AA298D698600
                    Function 6788CEC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_ENOTFORMAT
                    • API String ID: 2619118453-2681463864
                    • Opcode ID: 856b9ab20677bb75cf836b8c130f261d4f48d692f443e5824a84d5dfd7472ba2
                    • Instruction ID: 4b929a5b14c6c8286c59823a8d6e6780e705999b86cfae7c1175d27ffb73b22c
                    • Opcode Fuzzy Hash: 856b9ab20677bb75cf836b8c130f261d4f48d692f443e5824a84d5dfd7472ba2
                    • Instruction Fuzzy Hash: B7C02BB0B8D50899CC009BADCC0C3E8330117A532CFC003A3433C034E5DE29CDA98700
                    Function 6788CE00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_ENOSEEK
                    • API String ID: 2619118453-3817739740
                    • Opcode ID: 2d9ef5812a69eff5739219b87002377f5dec35bf35e0dc9fc9a5c7d693cf3f0e
                    • Instruction ID: 9223a45a6d224bf5712db1dde61c3aee259dea5c630ee6321356a631a05e7070
                    • Opcode Fuzzy Hash: 2d9ef5812a69eff5739219b87002377f5dec35bf35e0dc9fc9a5c7d693cf3f0e
                    • Instruction Fuzzy Hash: E8C08CA0B8D54899C900976C8C083E8230117A9328F840352423C020E49A298D698601
                    Function 6788CE20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EBADLINK
                    • API String ID: 2619118453-2592433474
                    • Opcode ID: ed355338573c58299eb0bfc31127515b6b4b0778af3b2ddf57c6b62bb19fc550
                    • Instruction ID: f633b5907ef856964e48162bee8dba7432f0b16493dd2ee05f805d1301a905ad
                    • Opcode Fuzzy Hash: ed355338573c58299eb0bfc31127515b6b4b0778af3b2ddf57c6b62bb19fc550
                    • Instruction Fuzzy Hash: 63C08CA0A8960899D800976C8C083D8230117A5769F800352423C020E4DA298DA98600
                    Function 6788CE40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EBADPACKET
                    • API String ID: 2619118453-3913830267
                    • Opcode ID: 88b0648ea6ec8ecf2553adbce2d9b11e2e5e291f811f58b101916a7f931bc4c8
                    • Instruction ID: c3a445c484879f77721e0d408f171fd406a73052829f2438d288011250b9eeef
                    • Opcode Fuzzy Hash: 88b0648ea6ec8ecf2553adbce2d9b11e2e5e291f811f58b101916a7f931bc4c8
                    • Instruction Fuzzy Hash: D3C02BB0BCD50899CC00976CCC083D8330117A632CFC40353433C430E4DE2ACD6A8700
                    Function 6788CE60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_ENOTAUDIO
                    • API String ID: 2619118453-1972482334
                    • Opcode ID: 5ce00389a6db5bb93bd043c9db8e9b123b17149cf84089aba5306f422da679f1
                    • Instruction ID: 9c45a5abadf28f6f8d561c7a93394a85d358b31f17810df6f4075e39a8d9f57a
                    • Opcode Fuzzy Hash: 5ce00389a6db5bb93bd043c9db8e9b123b17149cf84089aba5306f422da679f1
                    • Instruction Fuzzy Hash: 14C08CA0A895089AC8009B6C8C083D8220117A9328FC00353423C420E49E298D698600
                    Function 6788C2F5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 7COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OV_FALSE
                    • API String ID: 2619118453-3187368015
                    • Opcode ID: 0025d775af0f245f43b82125064230993bfe542028c8b34afdb77ab6d91233f1
                    • Instruction ID: db98543709701b4173e3ae9e53a72fd6bdb3fe7dd20fe0106fdde7d3f5c55489
                    • Opcode Fuzzy Hash: 0025d775af0f245f43b82125064230993bfe542028c8b34afdb77ab6d91233f1
                    • Instruction Fuzzy Hash: 04C09B6174554659DD005B5DDC543D86313677576CFC01312523D571E4FF29CD698740
                    Function 6788CF80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 5COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EOF
                    • API String ID: 2619118453-1834885626
                    • Opcode ID: f1bc892d6ab9566c56da584db3f5fe535aad2c9525b26e0f2f4ff7974815e62e
                    • Instruction ID: 29fa5cd825d7f2b1a6bb212b79cfd638f016d10456381bd2086593491c4f2659
                    • Opcode Fuzzy Hash: f1bc892d6ab9566c56da584db3f5fe535aad2c9525b26e0f2f4ff7974815e62e
                    • Instruction Fuzzy Hash: 65B092A02CD649A8D900978CD8083E87316A7A534DF410663462C034699E2A8D59C641
                    Function 6788CF00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 5COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EIMPL
                    • API String ID: 2619118453-252479002
                    • Opcode ID: 2759c091d064db65b36270b83b780e270be9e8d1025c16b039b14d4986d1f805
                    • Instruction ID: 3c988be5619de8f21843c6bdeb59bb1782555165b4c627ca7fd754b4bbcc54c4
                    • Opcode Fuzzy Hash: 2759c091d064db65b36270b83b780e270be9e8d1025c16b039b14d4986d1f805
                    • Instruction Fuzzy Hash: F9B092A028D64AA8D900978CD8583E9731257A634DF810663462C0206D9E2A8D598601
                    Function 6788CF20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 5COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EFAULT
                    • API String ID: 2619118453-2367972638
                    • Opcode ID: 3bf808c95fd9ced5b10f2fc7aa739c5e3b043479066b40c8ba900900bae1f157
                    • Instruction ID: cc25af08ab537a28cc278ec71cddf9ab7b9d5fa7a37749cd38fd3e4c1b81ecb7
                    • Opcode Fuzzy Hash: 3bf808c95fd9ced5b10f2fc7aa739c5e3b043479066b40c8ba900900bae1f157
                    • Instruction Fuzzy Hash: 2DB092A028D649A8E90097CCE8483E8731257A534DF410763462D02079DE2A8D998601
                    Function 6788CF40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 5COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EREAD
                    • API String ID: 2619118453-3674582046
                    • Opcode ID: 0995acab453240bdcbead8e98b72f41319e4706d6e6f2bacf2042bd08ead2db7
                    • Instruction ID: a2e06cbca4277df795cd5238be24a6194bf8bec7dd204618052525e45eb3a62f
                    • Opcode Fuzzy Hash: 0995acab453240bdcbead8e98b72f41319e4706d6e6f2bacf2042bd08ead2db7
                    • Instruction Fuzzy Hash: 89B092A028D649A8D900978CD8083E8731657A534DF410663462C028699E2A8D598601
                    Function 6788CF60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 5COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_HOLE
                    • API String ID: 2619118453-2167680998
                    • Opcode ID: bef67e3b0b865b399dfc62e847a619c836b44cc65e320aa7beac9146517399f7
                    • Instruction ID: 16b93bad9036cd9462e8f315b2ccda7f59fdfcb58782014479206339ebaba603
                    • Opcode Fuzzy Hash: bef67e3b0b865b399dfc62e847a619c836b44cc65e320aa7beac9146517399f7
                    • Instruction Fuzzy Hash: ABB092A028DA49A8D900978CD8083E8731A57A574DF410663472C124699E2A8D59C601
                    Function 6788CEE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 5COMMON
                    Download Yara Rule
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: Error
                    • String ID: %s: %s$OP_EINVAL
                    • API String ID: 2619118453-4086545115
                    • Opcode ID: 8923087f74b8947cc372ce9ee7fc3f28a04d27c17c207cd181c5bb78bcf18db5
                    • Instruction ID: 54f0d85cc1ee97cfb1d34df08e5cd04651deb946857e14c084ea540dc3620aaf
                    • Opcode Fuzzy Hash: 8923087f74b8947cc372ce9ee7fc3f28a04d27c17c207cd181c5bb78bcf18db5
                    • Instruction Fuzzy Hash: 23B092A028D64AECD900978CD8583E8771267A534DF410663862C0206D9E2ACE598601
                    Function 62E86800 Relevance: 5.2, APIs: 4, Instructions: 157COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: memcpy
                    • String ID:
                    • API String ID: 3510742995-0
                    • Opcode ID: 130099a78ee0fecf6d296afed50ace754c1680d3e88b642ac823db01844b318c
                    • Instruction ID: ed16107f7f30df2ac5e4e78e33b3d314f267dfe68f024f351e3a687456108d85
                    • Opcode Fuzzy Hash: 130099a78ee0fecf6d296afed50ace754c1680d3e88b642ac823db01844b318c
                    • Instruction Fuzzy Hash: DA614A76621B8186DB14CF79D49479C33A4F749B9CF249229EEAD47B88EF39C590C340
                    Function 62E8C030 Relevance: 5.1, APIs: 4, Instructions: 110COMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796412889.0000000062E81000.00000020.00000001.01000000.00000019.sdmp, Offset: 62E80000, based on PE: true
                    • Associated: 00000001.00000002.1796396360.0000000062E80000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796463128.0000000062E95000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796481725.0000000062E9E000.00000002.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796526371.0000000062E9F000.00000004.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796540727.0000000062EA2000.00000008.00000001.01000000.00000019.sdmpDownload File
                    • Associated: 00000001.00000002.1796558544.0000000062EA3000.00000002.00000001.01000000.00000019.sdmpDownload File
                    Similarity
                    • API ID: memcpy
                    • String ID:
                    • API String ID: 3510742995-0
                    • Opcode ID: 6d53d60ec8cd33ff9329483f60a3b602d16f8de6332c9b67aafb22e787506dfa
                    • Instruction ID: ab4893c58d16fcc5b85300e24c1fc575191ef115dd242e0281bed6db0e91b093
                    • Opcode Fuzzy Hash: 6d53d60ec8cd33ff9329483f60a3b602d16f8de6332c9b67aafb22e787506dfa
                    • Instruction Fuzzy Hash: 6D31C273B125208BC789CE36E89065D66A6F785FACF24A13ADE0957748DA79C8C1CB40
                    Function 6788E2D0 Relevance: 5.0, APIs: 4, Instructions: 36stringCOMMON
                    Download Yara Rule
                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.1796696847.0000000067881000.00000020.00000001.01000000.00000027.sdmp, Offset: 67880000, based on PE: true
                    • Associated: 00000001.00000002.1796607273.0000000067880000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796716202.0000000067897000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.0000000067898000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796729581.000000006789E000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796760386.00000000678A1000.00000002.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796775051.00000000678A2000.00000004.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A3000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796788906.00000000678A6000.00000008.00000001.01000000.00000027.sdmpDownload File
                    • Associated: 00000001.00000002.1796818785.00000000678A7000.00000002.00000001.01000000.00000027.sdmpDownload File
                    Similarity
                    • API ID: malloc$memcpystrlen
                    • String ID:
                    • API String ID: 3553820921-0
                    • Opcode ID: a5be6efb7cc2ac789c82e889f605508009748b9ee1e325c42c1cc36d2ea640c5
                    • Instruction ID: 5eb876bba288808a92be269fcd383eb895404dd12151220b6ae9875ea473008e
                    • Opcode Fuzzy Hash: a5be6efb7cc2ac789c82e889f605508009748b9ee1e325c42c1cc36d2ea640c5
                    • Instruction Fuzzy Hash: 03F0E22234670580FE0A8B9EB91026C5291AB6EFE4F4848349F1C0B354FF3CCC938741