Malware Analysis Report

2024-10-10 12:04

Sample ID 240613-sfhgysxhkn
Target platypus-1.15-installer_kH6JT-1.exe
SHA256 c2e54d82cc1f2954409c6c2828f42c0ad80264163748a357c3497147c9798324
Tags discovery
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 c2e54d82cc1f2954409c6c2828f42c0ad80264163748a357c3497147c9798324

Threat Level: Likely malicious

The file platypus-1.15-installer_kH6JT-1.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks BIOS information in registry

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 15:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 15:03

Reported 2024-06-13 15:05

Platform win11-20240611-en

Max time kernel 92s

Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\platypus-1.15-installer_kH6JT-1.exe"

Signatures

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Platypus\platypus.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Platypus\platypus.exe | N/A

Checks installed software on the system

discovery

Drops file in Program Files directory


Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Platypus\platypus.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Platypus\platypus.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Platypus\platypus.RWG | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 232 wrote to memory of 3460 | N/A | C:\Users\Admin\AppData\Local\Temp\platypus-1.15-installer_kH6JT-1.exe | C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp
PID 3460 wrote to memory of 2800 | N/A | C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp | C:\Users\Admin\Downloads\platypus-1.15-installer.exe
PID 2800 wrote to memory of 2684 | N/A | C:\Users\Admin\Downloads\platypus-1.15-installer.exe | C:\Users\Admin\AppData\Local\Temp\PlatypusSetup27891.exe
PID 2684 wrote to memory of 4452 | N/A | C:\Users\Admin\AppData\Local\Temp\PlatypusSetup27891.exe | C:\Users\Admin\AppData\Local\Temp\is-IHF74.tmp\PlatypusSetup27891.tmp
PID 4452 wrote to memory of 4072 | N/A | C:\Users\Admin\AppData\Local\Temp\is-IHF74.tmp\PlatypusSetup27891.tmp | C:\Program Files (x86)\Platypus\platypus.exe
PID 4072 wrote to memory of 3168 | N/A | C:\Program Files (x86)\Platypus\platypus.exe | C:\Program Files (x86)\Platypus\platypus.RWG
PID 4072 wrote to memory of 4460 | N/A | C:\Program Files (x86)\Platypus\platypus.exe | C:\Program Files (x86)\Platypus\ReflexiveArcade\RAW_003.wdt

Processes

C:\Users\Admin\AppData\Local\Temp\platypus-1.15-installer_kH6JT-1.exe

"C:\Users\Admin\AppData\Local\Temp\platypus-1.15-installer_kH6JT-1.exe"

C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-IEAAV.tmp\platypus-1.15-installer_kH6JT-1.tmp" /SL5="$5020E,837551,832512,C:\Users\Admin\AppData\Local\Temp\platypus-1.15-installer_kH6JT-1.exe"

C:\Users\Admin\Downloads\platypus-1.15-installer.exe

"C:\Users\Admin\Downloads\platypus-1.15-installer.exe"

C:\Users\Admin\AppData\Local\Temp\PlatypusSetup27891.exe

"C:\Users\Admin\AppData\Local\Temp\PlatypusSetup27891.exe" ""

C:\Users\Admin\AppData\Local\Temp\is-IHF74.tmp\PlatypusSetup27891.tmp

"C:\Users\Admin\AppData\Local\Temp\is-IHF74.tmp\PlatypusSetup27891.tmp" /SL5="$D017A,15308510,53248,C:\Users\Admin\AppData\Local\Temp\PlatypusSetup27891.exe" ""

C:\Program Files (x86)\Platypus\platypus.exe

"C:\Program Files (x86)\Platypus\platypus"

C:\Program Files (x86)\Platypus\platypus.RWG

"platypus.RWG"

C:\Program Files (x86)\Platypus\ReflexiveArcade\RAW_003.wdt

"ReflexiveArcade\RAW_003.wdt"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | d2dbdb0phbn9qb.cloudfront.net | udp
FR | 52.84.186.58:443 | d2dbdb0phbn9qb.cloudfront.net | tcp
BE | 104.68.82.93:443 | images.sftcdn.net | tcp
US | 8.8.8.8:53 | 58.186.84.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 93.82.68.104.in-addr.arpa | udp
US | 199.232.194.133:443 | gsf-fl.softonic.com | tcp

Files
