Malware Analysis Report

2025-05-05 21:32

Sample ID 240529-nh98jadf27
Target 2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk
SHA256 e8bdc8b72122171d2a9247a61acae18f0c6101934858c2a81e88f824a4e58741
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

e8bdc8b72122171d2a9247a61acae18f0c6101934858c2a81e88f824a4e58741

Threat Level: Shows suspicious behavior

The file 2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-29 11:25

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 11:25

Reported

2024-05-29 11:27

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe"

C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29762\python39.dll

MD5 11c051f93c922d6b6b4829772f27a5be
SHA1 42fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA256 0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA512 1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 11:25

Reported

2024-05-29 11:27

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe"

C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_0195edf108d9357b8f6220673f2087e7_ryuk.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x240 0x300

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14922\python39.dll

MD5 11c051f93c922d6b6b4829772f27a5be
SHA1 42fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA256 0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA512 1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

C:\Users\Admin\AppData\Local\Temp\_MEI14922\VCRUNTIME140.dll

MD5 8697c106593e93c11adc34faa483c4a0
SHA1 cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256 ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512 724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

C:\Users\Admin\AppData\Local\Temp\_MEI14922\base_library.zip

MD5 3ca1f378063f99fe5a95830db7901452
SHA1 55edba0bd5047e84a2c8ef189c47e8710cb68053
SHA256 9a45f19e30d37111c46158a70c862e5039cdcccc9b791676a5e60477bc641e35
SHA512 1021f6bb6beba6f8145de39ac01bcf6300f576561cc1ebab7120d9a9e1d630dc05f4a3e7b3ed78262720bc2898847b826b635334be56c04932f709b74ea992db

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_ctypes.pyd

MD5 29da9b022c16da461392795951ce32d9
SHA1 0e514a8f88395b50e797d481cbbed2b4ae490c19
SHA256 3b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372
SHA512 5c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a

C:\Users\Admin\AppData\Local\Temp\_MEI14922\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_socket.pyd

MD5 f5dd9c5922a362321978c197d3713046
SHA1 4fbc2d3e15f8bb21ecc1bf492f451475204426cd
SHA256 4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626
SHA512 ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

C:\Users\Admin\AppData\Local\Temp\_MEI14922\select.pyd

MD5 7a442bbcc4b7aa02c762321f39487ba9
SHA1 0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83
SHA256 1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad
SHA512 3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_bz2.pyd

MD5 6c7565c1efffe44cb0616f5b34faa628
SHA1 88dd24807da6b6918945201c74467ca75e155b99
SHA256 fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a
SHA512 822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_lzma.pyd

MD5 b5355dd319fb3c122bb7bf4598ad7570
SHA1 d7688576eceadc584388a179eed3155716c26ef5
SHA256 b9bc7f1d8aa8498cb8b5dc75bb0dbb6e721b48953a3f295870938b27267fb5f5
SHA512 0e228aa84b37b4ba587f6d498cef85aa1ffec470a5c683101a23d13955a8110e1c0c614d3e74fb0aa2a181b852bceeec0461546d0de8bcbd3c58cf9dc0fb26f5

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pyexpat.pyd

MD5 0dc9848a5fce6ec03799ac65602dc053
SHA1 ddfd97a45c0db5117e047bf45d66873b53160978
SHA256 adc9c63f92629ed4b860fc1855400b59a1ae73dd489fd49db326dcfcad48550e
SHA512 d1b2f71000cab1115971d44c690fdb8966b9b402216b87ec1f1e8e8a1cca3ce1e1145b8d650c8ad737e6e24c59503aaf9310de3e96a0ac6596187c800013ac71

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_tkinter.pyd

MD5 07392b548d2049e35981b7049dfecac7
SHA1 15914110949d98a5fa65705e27f9c11df9e3bab6
SHA256 879839e906969afbfaaed0ef4b58d0d4276d9b4c483decc883fe6b63bd9b67ad
SHA512 448272fd92a9ca6ad2da7a156f7872e2f61ef7e7af210c61893d4103960186eac9118f4d8b123e8a4d953e35bf607ef13f2d46a9553f395d3e131db8d93c4e68

C:\Users\Admin\AppData\Local\Temp\_MEI14922\tk86t.dll

MD5 fdc8a5d96f9576bd70aa1cadc2f21748
SHA1 bae145525a18ce7e5bc69c5f43c6044de7b6e004
SHA256 1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5
SHA512 816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

C:\Users\Admin\AppData\Local\Temp\_MEI14922\tcl86t.dll

MD5 c0b23815701dbae2a359cb8adb9ae730
SHA1 5be6736b645ed12e97b9462b77e5a43482673d90
SHA256 f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768
SHA512 ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

C:\Users\Admin\AppData\Local\Temp\_MEI14922\tcl\encoding\cp1252.enc

MD5 5900f51fd8b5ff75e65594eb7dd50533
SHA1 2e21300e0bc8a847d0423671b08d3c65761ee172
SHA256 14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0
SHA512 ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_hashlib.pyd

MD5 f377a418addeeb02f223f45f6f168fe6
SHA1 5d8d42dec5d08111e020614600bbf45091c06c0b
SHA256 9551431425e9680660c6baf7b67a262040fd2efceb241e4c9430560c3c1fafac
SHA512 6f60bfac34ed55ff5d6ae10c6ec5511906c983e0650e5d47dac7b8a97a2e0739266cae009449cced8dff59037e2dbfc92065fbbdfde2636d13679e1629650280

C:\Users\Admin\AppData\Local\Temp\_MEI14922\libcrypto-1_1.dll

MD5 cc4cbf715966cdcad95a1e6c95592b3d
SHA1 d5873fea9c084bcc753d1c93b2d0716257bea7c3
SHA256 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1
SHA512 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

C:\Users\Admin\AppData\Local\Temp\_MEI14922\SDL2.dll

MD5 f9a859a7690fc35c5a925739ebe65fa2
SHA1 9255b9df335ce9189e76f47b2ca99851aaddbab9
SHA256 f65b50d693484d5d5a2bb8df1cf520628dd744e99e9a937bb936839b990943a0
SHA512 c71856243d4e5bbc10715e066496e435da6ed608a3a93b7c0d0b70bbae9b06b15c2780ff97e873ef11f28a4fc3113d8e614d1727c26c24009adf88387f47b182

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\rect.cp39-win_amd64.pyd

MD5 96fd1c737bd636274f172ff06b4dd017
SHA1 e91714af6dcc7ef2057d3e9652e0c2f1aaad5600
SHA256 04117401738a630ba9a82a94d6cbf29e85635f4d381f3b4866da44a93296bef6
SHA512 67b52156beae1ae8e86b719d797d35fec0c71c6fa00ee06414532f1c1a0c9a4f7aa826d495360cfdb8446d77f19fff32ef8016d74a44bc751521d068c29e8074

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\math.cp39-win_amd64.pyd

MD5 6f70d6dd54b7105508073976f6c52491
SHA1 cbb2724981b3c85c2436d581192f1f4c0365a091
SHA256 7f58296d3aa1f02d0259cf9a59618769956a4756dc64be8d641d7f92c9f42eb2
SHA512 04cee6efefd576d2d93dc675935c25f2f1692a5701df352196396c0a7c2c488ffe106402635303572d9c551ad85107d0caadfaf05ea2052db1e7c89211b26ac9

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\image.cp39-win_amd64.pyd

MD5 b085306fe0e21ecd412f3a62a9ea7933
SHA1 ec7d096e6725f79bda983752216b36811b1048f5
SHA256 aaab258812cdc98b91cc03fc41972e872f47843385b35d955a8533401fa4e3c6
SHA512 87b6309b86ab54a80d3b1069b8a0a7cd08121a9ab71f377117605807c5ccf02b6b725c7192ffd2a111d8331f37c4d3e274cd541ae85a314621cb908fb420e814

C:\Users\Admin\AppData\Local\Temp\_MEI14922\SDL2_image.dll

MD5 b8d249a5e394b4e6a954c557af1b80e6
SHA1 b03bb9d09447114a018110bfb91d56ef8d5ec3bb
SHA256 1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194
SHA512 2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\imageext.cp39-win_amd64.pyd

MD5 5b018f2d1a598cd2742b788122c9f3d1
SHA1 287e4ac693075ccb370dc62813a6545d5cbe9e00
SHA256 efbbf692458db27da557a441660475279596276e567f8d71caeb3a8ea1f4aa0b
SHA512 4c26a07a7f86c9ab1e9f9ef8fb835f01fa212bd328ec5e0d720e7b1396dedc424d96a27091f456a55a506021bdd81ba9af98cae61f0d25d20f0e3681c97770d7

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\event.cp39-win_amd64.pyd

MD5 3058f55a84d6160544897f98038ded41
SHA1 e826fd435c51576048a5248f84164a9cf76257bb
SHA256 0aca0036497d2bbc091a80bfc2389af5e3365d998b00b64773d57244a466b485
SHA512 627e940d24f656317eee2a53925e4c117e228aa544a3c41c2365f3ac12a8c0baf5aeaee76992ec61fef590370d10cbdbe562a8733805212af4ee084a6c8cd8ae

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\draw.cp39-win_amd64.pyd

MD5 1e6035e8e22d1ca90101626a289af98d
SHA1 ba25e91bdb05ebf81ee2231b1883b1e9e76304c3
SHA256 fff7e5cb45b37c7a298dde90d6f5bf25afd8cc37aeff45d5da878941951823d9
SHA512 19cc4030365c5768f77288052601400ef423f75ecc9fb8cac931eb00ad8090c8bfd9eca9284c8ff768e4af6cf20f0d9fb3da43a0324ae3c4716b08e5864165f3

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\surface.cp39-win_amd64.pyd

MD5 01a1b36bb5284650a6b28fc211118a47
SHA1 3bc57beb3b276373af5910554a2f02b1d5b32949
SHA256 150906b8709f4651841b75b7b01e15b170ede7eb2d92a014fc13ad5a09758a68
SHA512 505a220b86e604c7cd6a490cc633157f8a5f197f5f18903c84ac6f74d0c425da2e250e4fc1e049c584da214139816af665d3f6d6da8a49fc1ceeb00cee39546d

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\display.cp39-win_amd64.pyd

MD5 6c6fe75872ba3664998e1f99813f2ab3
SHA1 1404066137c0ca635b886072a293f0a815545be8
SHA256 adb366a1d97930ee926af0a247aef2b0c7ac826211f068098e6637fb644e0b2d
SHA512 97c1c361883df761ecc2935a11e282999662cb39ffb0bb152b8505a5d36357a7e5ea9dd180ded33a9c78c18470e8da0d8e3de41a3e71a1a1dab56cf24b5615b1

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\bufferproxy.cp39-win_amd64.pyd

MD5 1cdfccede3184818436710d3ed43771b
SHA1 9bbada5bd64e267d6c9d35395eef64cf857a4684
SHA256 a90ad251b05e2d23de00d13ecaff4b6157395959b5a8162cb238aa1044fb459f
SHA512 75d69057bc54e0cee2e60c1e48c78a443c4b11b48493f53ff87f112b6426227377c2d4ee1d4690461b13613f7839070b6eb1f079e8386caba59187ec0d80293f

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\color.cp39-win_amd64.pyd

MD5 ff5519bb0140f57610534cef8e932901
SHA1 0561dae046d51a80c3071a5386ffbbf1febe2232
SHA256 40dbee572d6532c7df63d3d62b31da6f38db39e0d20180104fc99dddc8da6d1a
SHA512 b2ba528e2f7fb12fcaa25366a7a59078d9b796d3b737cdf7f51ad09f0e1d465c4ae94da6d263e6e100be74f913f492dfc36df6ac0b313e225e735e7ecb09677c

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\surflock.cp39-win_amd64.pyd

MD5 98d4d640c03d4da1568e287493e774b3
SHA1 5ae5c88e98c808b713c32ccc66876d4851f859bf
SHA256 6a967618c2d3d36135e9e9380b6fb239f9af458e3e7a80809ee0ec4ee553508b
SHA512 15b649de2406e996f829554452588db0f9a3f3af80f7f1907028cd26a84480b8938fbdb254e0381de5cd7d47b34f1661840d2cde792e7c5bf993745ceb144c2b

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\rwobject.cp39-win_amd64.pyd

MD5 485ce04e840812abfd5ecaa386e88c8a
SHA1 023bd14f06a814135dd9975b17df15aed158b1aa
SHA256 7918e3b619ff48e5dc361c32abe1244bc36c100ac8caf04459f3d0441609668b
SHA512 4ecf2df519080563a468f42992249e4295216a49d5b695d168065163a3f9565b1e197a98b3a212973edc831c7a7db93f0079f7f10fb3a6ebabda45b4f635ba81

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\constants.cp39-win_amd64.pyd

MD5 0a7af57684c231566e2469ff19e9400a
SHA1 1eb7c772de65b88a0db8a8990686af231c863317
SHA256 ba3d4a4e708ecf974746d47802d70a76ee16d830b36bcdbd17d7109403869282
SHA512 2e917558f417fb94166a51b4241d2d99e7d64b40def70f149d34861a1db25964f2ce702c4cfa07081ce8ab3fd40f4e6f2e6f4951efe2e1980fe44d3cabc0e629

C:\Users\Admin\AppData\Local\Temp\_MEI14922\pygame\base.cp39-win_amd64.pyd

MD5 8a76b6138bebf84b5a4db03bd87520e9
SHA1 a093601ac2622826b636ecf07410043f88a8bd9b
SHA256 e0a093bd647809b4ff486c840f8222fdd00b4ad7b53c094bfccc7230fef162b0
SHA512 37d61a3b97ea40f5e570595a7687aac899af8e860f488a7be62cb6ced0134df1764981648428c813fbd22009c843eca25e6c2305ac7d60f7a83ddeab2476decc

C:\Users\Admin\AppData\Local\Temp\_MEI14922\_queue.pyd

MD5 4ab2ceb88276eba7e41628387eacb41e
SHA1 58f7963ba11e1d3942414ef6dab3300a33c8a2bd
SHA256 d82ab111224c54bab3eefdcfeb3ba406d74d2884518c5a2e9174e5c6101bd839
SHA512 b0d131e356ce35e603acf0168e540c89f600ba2ab2099ccf212e0b295c609702ac4a7b0a7dbc79f46eda50e7ea2cf09917832345dd8562d916d118aba2fa3888

memory/3168-1058-0x000000005C310000-0x000000005C498000-memory.dmp