Malware Analysis Report

2024-11-30 11:51

Sample ID 231013-lv6d1agc6w
Target Galaxy Swapper v2.exe
SHA256 3fe2a4b474771a6b9c66ffc317b37599da776203a4fb22fd58ddf1bb18e220eb
Tags
pyinstaller pysilon upx persistence
score
10/10

Analysis Overview

score
10/10

SHA256

3fe2a4b474771a6b9c66ffc317b37599da776203a4fb22fd58ddf1bb18e220eb

Threat Level: Known bad

The file Galaxy Swapper v2.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx persistence

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Detects Pyinstaller

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-13 09:52

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-13 09:52

Reported

2023-10-13 09:55

Platform

win7-20230831-de

Max time kernel

41s

Max time network

66s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=1564 --field-trial-handle=1148,i,11001776720669830115,7861994867326350329,131072 /prefetch:1

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=1564 --field-trial-handle=1148,i,11001776720669830115,7861994867326350329,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 --field-trial-handle=1148,i,11001776720669830115,7861994867326350329,131072 /prefetch:8

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI11882\python311.dll

memory/1492-1249-0x000007FEF3670000-0x000007FEF3C59000-memory.dmp

memory/1492-1250-0x000007FEF3670000-0x000007FEF3C59000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-13 09:52

Reported

2023-10-13 10:14

Platform

win10v2004-20230915-de

Max time kernel

796s

Max time network

1151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Windows\Galaxy Swapper v2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows64apdata = "C:\\Users\\Admin\\Windows\\Galaxy Swapper v2.exe" C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4760 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe
PID 4760 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe
PID 2236 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Windows\system32\cmd.exe
PID 2236 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Windows\system32\cmd.exe
PID 2236 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Windows\system32\cmd.exe
PID 2236 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe C:\Windows\system32\cmd.exe
PID 1768 wrote to memory of 2900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Windows\Galaxy Swapper v2.exe
PID 1768 wrote to memory of 2900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Windows\Galaxy Swapper v2.exe
PID 1768 wrote to memory of 4888 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1768 wrote to memory of 4888 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x478 0x2ec

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Windows\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Windows\activate.bat

C:\Users\Admin\Windows\Galaxy Swapper v2.exe

"Galaxy Swapper v2.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "Galaxy Swapper v2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 29.81.57.23.in-addr.arpa udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI47602\python311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\VCRUNTIME140.dll

memory/2236-1251-0x00007FF97CD20000-0x00007FF97D309000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI47602\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\python3.DLL

memory/2236-1260-0x00007FF98E0C0000-0x00007FF98E0E3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_hashlib.pyd

memory/2236-1309-0x00007FF98E350000-0x00007FF98E369000-memory.dmp

memory/2236-1311-0x00007FF98E210000-0x00007FF98E224000-memory.dmp

memory/2236-1312-0x00007FF98DD20000-0x00007FF98DD39000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_socket.pyd

memory/2236-1308-0x00007FF97C9A0000-0x00007FF97CD18000-memory.dmp

memory/2236-1305-0x00007FF98DD40000-0x00007FF98DD6D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_cffi_backend.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\tk86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\tcl86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\SDL2_ttf.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\SDL2_mixer.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\SDL2_image.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\SDL2.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47602\portmidi.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libwebp-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libtiff-5.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libpng16-16.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libopusfile-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libopus-0.x64.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libopus-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libogg-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libmodplug-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\libjpeg-9.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\freetype.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47602\crypto_clipper.json
SHA256 8011959661b3c6efee432bdc16b358de1c371aaccdbec068c9e65004262f988e
SHA512 4c1172eead25d9c6037729ad372975d545153213dba99e7308308f1f1c6594bb1322b6c1332e44bd3677458160211046762a5dbf72564e4c7d36f7371177dcd2

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_lzma.pyd

MD5 3798175fd77eded46a8af6b03c5e5f6d
SHA1 f637eaf42080dcc620642400571473a3fdf9174f
SHA256 3c9d5a9433b22538fc64141cd3784800c567c18e4379003329cf69a1d59b2a41
SHA512 1f7351c9e905265625d725551d8ea1de5d9999bc333d29e6510a5bca4e4d7c1472b2a637e892a485a7437ea4768329e5365b209dd39d7c1995fe3317dc5aecdf

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_bz2.pyd

MD5 2d461b41f6e9a305dde68e9c59e4110a
SHA1 97c2266f47a651e37a72c153116d81d93c7556e8
SHA256 abbe3933a34a9653a757244e8e55b0d7d3a108527a3e9e8a7f2013b5f2a9eff4
SHA512 eef132df6e52eb783bad3e6af0d57cb48cda2eb0edb6e282753b02d21970c1eea6bab03c835ff9f28f2d3e25f5e9e18f176a8c5680522c09da358a1c48cf14c8

C:\Users\Admin\AppData\Local\Temp\_MEI47602\select.pyd

MD5 90fea71c9828751e36c00168b9ba4b2b
SHA1 15b506df7d02612e3ba49f816757ad0c141e9dc1
SHA256 5bbbb4f0b4f9e5329ba1d518d6e8144b1f7d83e2d7eaf6c50eef6a304d78f37d
SHA512 e424be422bf0ef06e7f9ff21e844a84212bfa08d7f9fbd4490cbbcb6493cc38cc1223aaf8b7c9cd637323b81ee93600d107cc1c982a2288eb2a0f80e2ad1f3c5

C:\Users\Admin\AppData\Local\Temp\_MEI47602\charset_normalizer\md.cp311-win_amd64.pyd

MD5 5733500569fd188a6d8b5451b20b2410
SHA1 0d67f1dd322557467640638266ffaa6be16c552e
SHA256 b063faae068f5c6635f8742ae57dd26dc5874ddd3fc7724a23e75f9aef36c493
SHA512 42c143ae71248550eeee15725d8b37d3480dcad7ec51b6ed93eccbb75057baa3f766c23861ce277d5711aa75b8079964cc72cd3142e28c4b8658689276ce35e9

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_queue.pyd

MD5 decdabaca104520549b0f66c136a9dc1
SHA1 423e6f3100013e5a2c97e65e94834b1b18770a87
SHA256 9d4880f7d0129b1de95becd8ea8bbbf0c044d63e87764d18f9ec00d382e43f84
SHA512 d89ee3779bf7d446514fc712dafb3ebc09069e4f665529a7a1af6494f8955ceb040bef7d18f017bcc3b6fe7addeab104535655971be6eed38d0fc09ec2c37d88

C:\Users\Admin\AppData\Local\Temp\_MEI47602\_ssl.pyd

MD5 2089768e25606262921e4424a590ff05
SHA1 bc94a8ff462547ab48c2fbf705673a1552545b76
SHA256 3e6e9fc56e1a9fe5edb39ee03e5d47fa0e3f6adb17be1f087dc6f891d3b0bbca
SHA512 371aa8e5c722307fff65e00968b14280ee5046cfcf4a1d9522450688d75a3b0362f2c9ec0ec117b2fc566664f2f52a1b47fe62f28466488163f9f0f1ce367f86

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c2mke30p.ocs.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82