Malware Analysis Report

2025-05-05 21:25

Sample ID 240521-wd45qadc56
Target brigadier.exe
SHA256 44c35d3c90744584a6cccfd62bbc3bb07bc921007b71dc0df936ebaa729309cd
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

44c35d3c90744584a6cccfd62bbc3bb07bc921007b71dc0df936ebaa729309cd

Threat Level: Shows suspicious behavior

The file brigadier.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-21 17:49

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 17:49

Reported

2024-05-21 17:52

Platform

win7-20240221-es

Max time kernel

118s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\brigadier.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\brigadier.exe

"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"

C:\Users\Admin\AppData\Local\Temp\brigadier.exe

"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic computersystem get model /format:RAWXML

Network

Country Destination Domain Proto
US 8.8.8.8:53 swdist.apple.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI22562\brigadier.exe.manifest

MD5 7e8594d05bc5a232d1a0f5c219a8a5ff
SHA1 e97c6d7b8541e21bc051d5e30f0f8932a74f390d
SHA256 dec3610aee6c172332b3f0aaad22f8ed641fdc80971369715d71492210910f5f
SHA512 e29c374980c76ace055d32d44e6476c4ebde67b363ce8f5f50fb628113311cd9c5c682e2b8494607d2cd63b8d7351678144800c68be14426f9ec694eaaa4c582

C:\Users\Admin\AppData\Local\Temp\_MEI22562\python27.dll

MD5 367b77fb4be93bf0e965e0149ed96e7a
SHA1 9fbea126ff80d2bdebeb1032a27514aa933c656b
SHA256 8ef134c6fab5395aa0e3943dc4e758181583759f0f849bd9580ed87145eb5321
SHA512 8c4909f080292ca21e9a49165fa8d990162729c9d9a266b0d8561b02c26eabc060c6422a66f535d6e493f7e698542d1a1cadd0ac0e6340bf10680baebff3de71

C:\Users\Admin\AppData\Local\Temp\_MEI22562\MSVCR90.dll

MD5 ecbbed2f44afb22ba1f9ef8603c261b5
SHA1 98c1c3e0960b3653b772e71a5ea0b63362ebdbd3
SHA256 75613e14c26c84a21763cd315bdb3129c997f1c28dfbc3932379970901a22820
SHA512 bf76cb53f81278f65e2e4e3a8ec6e7b2246fe2a53e43dad49e84b567f73b7090d0eb915ea9c183da38b4a0ad03ff40ce4cca63b8609f467e40c4a3cacc394cbb

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_ctypes.pyd

MD5 28e5d05ab42adb1e7ada35f1eef1b32b
SHA1 0792867716c8a933305455a2c7f39d30807dad65
SHA256 a93e3bfe62afa5062c6257a7f347d715af346ac3aec7999b8d86a9f2580ec176
SHA512 0cb08ec46068e20a2df3fc0e69bceba5b8a807aeb580002e846d9272fea7a6ee24b8f2c571571677b61dd8c58eb998c26a656193798de5075c6943f6d701c569

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_ssl.pyd

MD5 9c6d526768f8395aecff0af0d27f0063
SHA1 a580e2782c31ffb9365ea31dce8b337aae9eee07
SHA256 2c4cb4459c37a2152698e19f27350a7dbf56c51509689b1d7a65c60fb5a75751
SHA512 52bc14aa9f6bb6822740b7be98187fba1adf86f484e130ac6df3fad6e456b41288cbb9c8abf9d7af8730e9c0f7438ed362582ee7f39a5cab9cf471bb5b84b9eb

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_socket.pyd

MD5 f28dc3a4451c29fea272d7ae063425c5
SHA1 ece376146a7115cd5b1ad141a59fff25b6da6a5d
SHA256 a75aa54781de3c97f5b4c2e0389d5ad39602cda6fcd5a3810667a4cf24f4286a
SHA512 746b1b608c457cdf8aa784683533e1220c60dd689f7f5266013f1194e9fd091123eb11d697119b9de65686019176062eb9aba04d2845930369829182a399b5e5

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_hashlib.pyd

MD5 6f784c403e2097d11331f8778f6d9d2c
SHA1 64ecd6ee875f89a88204e673acae9547992fd085
SHA256 cda9a6478417629cb40809aad57bd5a884f183333506d00008d16e47368fd633
SHA512 c1fbd548f03a46ee19cd003831bcb53df204cd1c71ab672955a2ff19267c523a17970f8fb9586e712665c09b54c19338037a38a425dacb857aae5b6162fa282c

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\bz2.pyd

MD5 51fdb7790e680a394e9936498d3a73fa
SHA1 fab9f97feee68fbd9225de051349ac3258920fa2
SHA256 985902e0813564981059c2f57282614f5a907dc3df0273ba7bef2ad64123c921
SHA512 594153dd913a3369d310980b0e53bc6a10174e18b0b416dc1b86b2401b4bd94546bee9fbde7421e102490ccba4c8a8d7b91b3df5e3c0506cc98b51bc63e15c50

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\select.pyd

MD5 c76ccf3e7883917832c3b2fa2b980aa1
SHA1 f35f0424522f3986f5917725b8c0b515bd80bf46
SHA256 417ecb5fe0caf271ae53fd9132f4a6d50cb5304d586548f964a546cd5858f347
SHA512 44e15c8b0d61c2b7f9dba92d0c43acb8d0a27b1c7fc58b9f1a89d39ae7ceabc5b7df5d8b2592949f014e34a04b0592189a5d1fe7551a0b59bd9499c0a7d16d8b

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\unicodedata.pyd

MD5 6c38211cc951d7800cb961f4bb16716c
SHA1 fe49ce52862fa87fc6c2ae8731a3c22b69dcd3ba
SHA256 45edce458a292465d784e07a3ffd46580aab0a4f925c40704bc45a60325e7537
SHA512 4eb5daabfdb599e466b17ef541809cae9fb83994be28ba2b3401a79e5b94e6d991aa1821c22f54c6ea90b866ce4f6f9c857053eb4f37b3751dcf25806ed4e674

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\pyexpat.pyd

MD5 2a69dab6a61d6837f3f597ea44e5415b
SHA1 1a2c541c9d7bbacce9485bef0f557722782bdb23
SHA256 24b321a24c67b6afb095f9bdc38ff1ecf74e95b59928fa36e6011c2fc37e4b96
SHA512 dbd1df10cdd066e3b435455bbc62d5c5dea1aa1bcd2a63fc985c61fe187fd4a3ddfe97e63bb8202ef60a2e16866c8d150f24905e3dc0b1460c83c0deb1c8d121

C:\Users\Admin\AppData\Local\Temp\_MEI22~1\certifi\cacert.pem

MD5 ea4ee2af66c4c57b8a275867e9dc07cd
SHA1 d904976736e6db3c69c304e96172234078242331
SHA256 fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c
SHA512 4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-21 17:49

Reported

2024-05-21 17:52

Platform

win10v2004-20240226-es

Max time kernel

137s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\brigadier.exe

"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"

C:\Users\Admin\AppData\Local\Temp\brigadier.exe

"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3484 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8

C:\Windows\System32\Wbem\wmic.exe

wmic computersystem get model /format:RAWXML

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 13.107.246.64:443 tcp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 181.24.90.104.in-addr.arpa udp
US 8.8.8.8:53 216.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 swdist.apple.com udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 51.140.244.186:443 tcp
GB 142.250.200.14:443 tcp
GB 51.140.242.104:443 tcp
US 13.107.6.158:443 tcp
GB 216.58.201.97:443 tcp
GB 88.221.135.81:443 tcp
US 13.107.42.16:443 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 224.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI40682\brigadier.exe.manifest

MD5 7e8594d05bc5a232d1a0f5c219a8a5ff
SHA1 e97c6d7b8541e21bc051d5e30f0f8932a74f390d
SHA256 dec3610aee6c172332b3f0aaad22f8ed641fdc80971369715d71492210910f5f
SHA512 e29c374980c76ace055d32d44e6476c4ebde67b363ce8f5f50fb628113311cd9c5c682e2b8494607d2cd63b8d7351678144800c68be14426f9ec694eaaa4c582

C:\Users\Admin\AppData\Local\Temp\_MEI40682\python27.dll

MD5 367b77fb4be93bf0e965e0149ed96e7a
SHA1 9fbea126ff80d2bdebeb1032a27514aa933c656b
SHA256 8ef134c6fab5395aa0e3943dc4e758181583759f0f849bd9580ed87145eb5321
SHA512 8c4909f080292ca21e9a49165fa8d990162729c9d9a266b0d8561b02c26eabc060c6422a66f535d6e493f7e698542d1a1cadd0ac0e6340bf10680baebff3de71

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_ctypes.pyd

MD5 28e5d05ab42adb1e7ada35f1eef1b32b
SHA1 0792867716c8a933305455a2c7f39d30807dad65
SHA256 a93e3bfe62afa5062c6257a7f347d715af346ac3aec7999b8d86a9f2580ec176
SHA512 0cb08ec46068e20a2df3fc0e69bceba5b8a807aeb580002e846d9272fea7a6ee24b8f2c571571677b61dd8c58eb998c26a656193798de5075c6943f6d701c569

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_ssl.pyd

MD5 9c6d526768f8395aecff0af0d27f0063
SHA1 a580e2782c31ffb9365ea31dce8b337aae9eee07
SHA256 2c4cb4459c37a2152698e19f27350a7dbf56c51509689b1d7a65c60fb5a75751
SHA512 52bc14aa9f6bb6822740b7be98187fba1adf86f484e130ac6df3fad6e456b41288cbb9c8abf9d7af8730e9c0f7438ed362582ee7f39a5cab9cf471bb5b84b9eb

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_socket.pyd

MD5 f28dc3a4451c29fea272d7ae063425c5
SHA1 ece376146a7115cd5b1ad141a59fff25b6da6a5d
SHA256 a75aa54781de3c97f5b4c2e0389d5ad39602cda6fcd5a3810667a4cf24f4286a
SHA512 746b1b608c457cdf8aa784683533e1220c60dd689f7f5266013f1194e9fd091123eb11d697119b9de65686019176062eb9aba04d2845930369829182a399b5e5

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_hashlib.pyd

MD5 6f784c403e2097d11331f8778f6d9d2c
SHA1 64ecd6ee875f89a88204e673acae9547992fd085
SHA256 cda9a6478417629cb40809aad57bd5a884f183333506d00008d16e47368fd633
SHA512 c1fbd548f03a46ee19cd003831bcb53df204cd1c71ab672955a2ff19267c523a17970f8fb9586e712665c09b54c19338037a38a425dacb857aae5b6162fa282c

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\bz2.pyd

MD5 51fdb7790e680a394e9936498d3a73fa
SHA1 fab9f97feee68fbd9225de051349ac3258920fa2
SHA256 985902e0813564981059c2f57282614f5a907dc3df0273ba7bef2ad64123c921
SHA512 594153dd913a3369d310980b0e53bc6a10174e18b0b416dc1b86b2401b4bd94546bee9fbde7421e102490ccba4c8a8d7b91b3df5e3c0506cc98b51bc63e15c50

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\select.pyd

MD5 c76ccf3e7883917832c3b2fa2b980aa1
SHA1 f35f0424522f3986f5917725b8c0b515bd80bf46
SHA256 417ecb5fe0caf271ae53fd9132f4a6d50cb5304d586548f964a546cd5858f347
SHA512 44e15c8b0d61c2b7f9dba92d0c43acb8d0a27b1c7fc58b9f1a89d39ae7ceabc5b7df5d8b2592949f014e34a04b0592189a5d1fe7551a0b59bd9499c0a7d16d8b

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\unicodedata.pyd

MD5 6c38211cc951d7800cb961f4bb16716c
SHA1 fe49ce52862fa87fc6c2ae8731a3c22b69dcd3ba
SHA256 45edce458a292465d784e07a3ffd46580aab0a4f925c40704bc45a60325e7537
SHA512 4eb5daabfdb599e466b17ef541809cae9fb83994be28ba2b3401a79e5b94e6d991aa1821c22f54c6ea90b866ce4f6f9c857053eb4f37b3751dcf25806ed4e674

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\pyexpat.pyd

MD5 2a69dab6a61d6837f3f597ea44e5415b
SHA1 1a2c541c9d7bbacce9485bef0f557722782bdb23
SHA256 24b321a24c67b6afb095f9bdc38ff1ecf74e95b59928fa36e6011c2fc37e4b96
SHA512 dbd1df10cdd066e3b435455bbc62d5c5dea1aa1bcd2a63fc985c61fe187fd4a3ddfe97e63bb8202ef60a2e16866c8d150f24905e3dc0b1460c83c0deb1c8d121

C:\Users\Admin\AppData\Local\Temp\_MEI40~1\certifi\cacert.pem

MD5 ea4ee2af66c4c57b8a275867e9dc07cd
SHA1 d904976736e6db3c69c304e96172234078242331
SHA256 fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c
SHA512 4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412