Malware Analysis Report

2024-11-30 12:58

Sample ID 240810-zdm3zsxanp
Target source_prepared.exe
SHA256 772350f2ab22dafbfa611f119a1e6be5bb112b74e765b5b2aef68ff9bd3c8c77
Tags
pyinstaller pysilon evasion execution persistence upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

772350f2ab22dafbfa611f119a1e6be5bb112b74e765b5b2aef68ff9bd3c8c77

Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon evasion execution persistence upx

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Loads dropped DLL

Executes dropped EXE

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Detects Pyinstaller

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-10 20:36

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-10 20:36

Reported

2024-08-10 20:38

Platform

win11-20240802-en

Max time kernel

110s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\Wave\WavePaid.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\Wave\WavePaid.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Wave\WavePaid.exe N/A
N/A N/A C:\Users\Admin\Wave\WavePaid.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WavePaid = "C:\\Users\\Admin\\Wave\\WavePaid.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Wave\WavePaid.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Wave\WavePaid.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Wave\WavePaid.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2784 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 2784 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 3856 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3856 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3856 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3856 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4952 wrote to memory of 3144 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4952 wrote to memory of 3144 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4952 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Wave\WavePaid.exe
PID 4952 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Wave\WavePaid.exe
PID 4952 wrote to memory of 3760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4952 wrote to memory of 3760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3892 wrote to memory of 3924 N/A C:\Users\Admin\Wave\WavePaid.exe C:\Users\Admin\Wave\WavePaid.exe
PID 3892 wrote to memory of 3924 N/A C:\Users\Admin\Wave\WavePaid.exe C:\Users\Admin\Wave\WavePaid.exe
PID 3924 wrote to memory of 4636 N/A C:\Users\Admin\Wave\WavePaid.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3924 wrote to memory of 4636 N/A C:\Users\Admin\Wave\WavePaid.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E4

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Wave\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Wave\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\Wave\WavePaid.exe

"WavePaid.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\Wave\WavePaid.exe

"WavePaid.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Wave\""

Network

Country Destination Domain Proto
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
N/A 127.0.0.1:52832 tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27842\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI27842\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

MD5 141643e11c48898150daa83802dbc65f
SHA1 0445ed0f69910eeaee036f09a39a13c6e1f37e12
SHA256 86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741
SHA512 ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

C:\Users\Admin\AppData\Local\Temp\_MEI27842\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

MD5 43136dde7dd276932f6197bb6d676ef4
SHA1 6b13c105452c519ea0b65ac1a975bd5e19c50122
SHA256 189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714
SHA512 e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

C:\Users\Admin\AppData\Local\Temp\_MEI27842\python312.dll

MD5 eb02b8268d6ea28db0ea71bfe24b15d6
SHA1 86f723fcc4583d7d2bd59ca2749d4b3952cd65a5
SHA256 80222651a93099a906be55044024d32e93b841c83554359d6e605d50d11e2e70
SHA512 693bbc3c896ad3c6044c832597f946c778e6c6192def3d662803e330209ec1c68d8d33bd82978279ae66b264a892a366183dcef9a3a777e0a6ee450a928268e2

C:\Users\Admin\AppData\Local\Temp\_MEI27842\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

memory/3856-1366-0x00007FFA34EB0000-0x00007FFA35575000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_ctypes.pyd

MD5 fa360b7044312e7404704e1a485876d2
SHA1 6ea4aad0692c016c6b2284db77d54d6d1fc63490
SHA256 f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f
SHA512 db853c338625f3e04b01b049b0cb22bdaed4e785eb43696aeda71b558f0f58113446a96a3e5356607335435ee8c78069ce8c1bcdb580d00fd4baacbec97a4b6a

C:\Users\Admin\AppData\Local\Temp\_MEI27842\python3.DLL

MD5 8dbe9bbf7118f4862e02cd2aaf43f1ab
SHA1 935bc8c5cea4502d0facf0c49c5f2b9c138608ed
SHA256 29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db
SHA512 938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_bz2.pyd

MD5 82e4f19c1e53ee3e46913d4df0550af7
SHA1 283741406ecf64ab64df1d6d46558edd1abe2b03
SHA256 78208da0890aafc68999c94ac52f1d5383ea75364eaf1a006d8b623abe0a6bf0
SHA512 3fd8377d5f365499944a336819684e858534c8a23b8b24882f441318ec305e444e09125a0c0aedc10e31dbf94db60b8e796b03b9e36adbad37ab19c7724f36ee

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libffi-8.dll

MD5 08b000c3d990bc018fcb91a1e175e06e
SHA1 bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA512 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

C:\Users\Admin\AppData\Local\Temp\_MEI27842\sqlite3.dll

MD5 68b435a35f9dcbc10b3cd4b30977b0bd
SHA1 9726ef574ca9bda8ec9ab85a5b97adcdf148a41f
SHA256 240d6d3efac25af08fe41a60e181f8fdcb6f95da53b3fad54b0f96680e7a8277
SHA512 8e133b72bd3776f961258793c2b82d2cd536c7ae0ed0241daa2f67d90a6968f563b72f74a1c33d9bdfb821b796612faa7a73a712369ff3b36d968e57bfcdd793

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_hashlib.pyd

MD5 3a4a3a99a4a4adaf60b9faaf6a3edbda
SHA1 a55ea560accd3b11700e2e2600dc1c6e08341e2f
SHA256 26eed7aac1c142a83a236c5b35523a0922f14d643f6025dc3886398126dae492
SHA512 cb7d298e5e55d2bf999160891d6239afdc15ada83cd90a54fda6060c91a4e402909a4623dcaa9a87990f2af84d6eb8a51e919c45060c5e90511cd4aadb1cdb36

memory/3856-1424-0x00007FFA4BA80000-0x00007FFA4BA94000-memory.dmp

memory/3856-1425-0x00007FFA411B0000-0x00007FFA416D9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libcrypto-3.dll

MD5 7f1b899d2015164ab951d04ebb91e9ac
SHA1 1223986c8a1cbb57ef1725175986e15018cc9eab
SHA256 41201d2f29cf3bc16bf32c8cecf3b89e82fec3e5572eb38a578ae0fb0c5a2986
SHA512 ca227b6f998cacca3eb6a8f18d63f8f18633ab4b8464fb8b47caa010687a64516181ad0701c794d6bfe3f153662ea94779b4f70a5a5a94bb3066d8a011b4310d

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_wmi.pyd

MD5 fa4fc5243e885a0a5e7b3742244ce4fd
SHA1 b089c40f7e0b673365af8e66278547de6618b3a4
SHA256 f005905cd3776ed8ca6fb049d54ae98aabb19f423f5e54efb0aa7201e80d1b16
SHA512 22ca379c5759d3d569238baaec466330fac0dace28e6474439e761ae3d5a8191216b607e63767a2634209477e60a6cc4ec56dce3cb1afed3eb8b9a590af6cea5

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_uuid.pyd

MD5 8f5402bb6aac9c4ff9b4ce5ac3f0f147
SHA1 87207e916d0b01047b311d78649763d6e001c773
SHA256 793e44c75e7d746af2bb5176e46c454225f07cb27b1747f1b83d1748d81ad9ac
SHA512 65fdef32aeba850aa818a8c8bf794100725a9831b5242350e6c04d0bca075762e1b650f19c437a17b150e9fca6ad344ec4141a041fa12b5a91652361053c7e81

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_tkinter.pyd

MD5 81ccc49a344eb0d332f0b1da9c9f3ddb
SHA1 59a8e41a03eec92f65c44e288e32497aebbd8bc6
SHA256 7f1acba0744ebbd10d67d6cc4ee1a4e8a67ff6e53c7d663e0a5ef0bc7f0bb90c
SHA512 c66d015130e518ef05d7300dff8ad69ec8290a38ffbb5155de539d0b800091f67be7787905ebe7c46ba04d4160aec7825e05fa14e58a517c44083d3f15ce5bb5

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_ssl.pyd

MD5 e33bf2bc6c19bf37c3cc8bac6843d886
SHA1 6701a61d74f50213b141861cfd169452dde22655
SHA256 e3532d3f8c5e54371f827b9e6d0fee175ad0b2b17e25c26fdfb4efd5126b7288
SHA512 3526bcb97ad34f2e0c6894ee4cd6a945116f8af5c20c5807b9be877eb6ea9f20e571610d30d3e3b7391b23ddcd407912232796794277a3c4545cbcb2c5f8ed6f

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_sqlite3.pyd

MD5 5f31f58583d2d1f7cb54db8c777d2b1e
SHA1 494587d2b9e993f2e5398d1c745732ef950e43b6
SHA256 fad9ffcd3002cec44c3da9d7d48ce890d6697c0384b4c7dacab032b42a5ac186
SHA512 8a4ec67d7ad552e8adea629151665f6832fc77c5d224e0eefe90e3aec62364a7c3d7d379a6d7b91de0f9e48af14f166e3b156b4994afe7879328e0796201c8ea

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_socket.pyd

MD5 da0dc29c413dfb5646d3d0818d875571
SHA1 adcd7ecd1581bcd0da48bd7a34feccada0b015d6
SHA256 c3365ad1fee140b4246f06de805422762358a782757b308f796e302fe0f5aaf8
SHA512 17a0c09e2e18a984fd8fc4861397a5bd4692bcd3b66679255d74bb200ee9258fb4677b36d1eaa4bd650d84e54d18b8d95a05b34d0484bd9d8a2b6ab36ffffcdb

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_queue.pyd

MD5 326e66d3cf98d0fa1db2e4c9f1d73e31
SHA1 6ace1304d4cb62d107333c3274e6246136ab2305
SHA256 bf6a8c5872d995edab5918491fa8721e7d1b730f66c8404ee760c1e30cb1f40e
SHA512 d7740693182040d469e93962792b3e706730c2f529ab39f7d9d7adab2e3805bb35d65dc8bb2bd264da9d946f08d9c8a563342d5cb5774d73709ae4c8a3de621c

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_overlapped.pyd

MD5 b310c60f224ba252785f9eb13d7fae53
SHA1 cc798637921f98ba5c7e03bf4bc1a4ff9ce32397
SHA256 62556acabdd17454354c488f6fedb2efaf27da0ffb0d3bb9d08b051e6f64e82a
SHA512 fbbf90ae8ab150285d0d0b289a620d047258d25590d29f7b538474a3c67e9eab598889fd32ffced365a4d92003a2fe505814361854048b93f302fba28d61200c

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_multiprocessing.pyd

MD5 3f990241643fc6f940e8c383046dd491
SHA1 3182c37d09b90af612dcd225e6a53163c1c09bb1
SHA256 971f14a5b83b9e5dcc4b1379a43fdbb112de0b5a902d0455a69cc5ca6b1e5785
SHA512 35e5057fe916639378698363507f47a718e1caea25417835da97fd8138f15b8fa78a42e0a93fdbd9b8352414a1f8fa5273440a4b8cf78eccdd68357c7a94e894

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_elementtree.pyd

MD5 7fa4283e02e5df8440e5bab00734daec
SHA1 d65be448b03419e12358479a6d9f0204e78f6c7d
SHA256 9bef538ecf64b57bdf3b3276708cc05930d402891618b46e73a5c31490f22469
SHA512 c37cbea70416798db586c5cac7174b72ab47c90b2740b4b2c49cd875455f2bf5b733f700cf7610b69e7f9de9454860266df6966bfb734a552e1c8f4a2515197b

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_decimal.pyd

MD5 b7012443c9c31ffd3aed70fe89aa82a0
SHA1 420511f6515139da1610de088eaaaf39b8aad987
SHA256 3b92d5ca6268a5ad0e92e5e403c621c56b17933def9d8c31e69ab520c30930d9
SHA512 ec422b0bee30fd0675d38888f056c50ca6955788d89c2a6448ddc30539656995627cf548e1b3aa2c4a77f2349b297c466af8942f8133ef4e2dfb706c8c1785e9

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_cffi_backend.cp312-win_amd64.pyd

MD5 b5ccf24f6f4b6bcf04e275712618a19a
SHA1 634cbb2b8fdf54d341b1a339a64d414dc7ef861e
SHA256 90aabbf83f31cae03a3b114ebdb3dcf28aa985600feee9eb348bb6e6fd670a61
SHA512 fcb377ac36152369ace3ef2962a3044eaded19ff3f9b18c448c41e48a5229a2bebda5df186142089b14c177b9bac6ee0409094774b75e29d5b16fb5f0f2f89e0

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_asyncio.pyd

MD5 b0f2c9aa84b94aa8572393fa8003311c
SHA1 8f5d9a6eb734684adf77fb1f7f821490818010c3
SHA256 8ff2bcc6c6a877596dad57751fab926297fdafe4adc5222943163e683fab4d72
SHA512 2a725aa42b00d7cf44c285ce790e65b6a0eca322011ceb72be0ab1522667a134d523f4bb3a76a522f5913a6c62a09984cfb4873e587bc8564263671ade945434

C:\Users\Admin\AppData\Local\Temp\_MEI27842\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI27842\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI27842\unicodedata.pyd

MD5 6dd43e115402d9e1c7cd6f21d47cfcf5
SHA1 c7fb8f33f25b0b75fc05ef0785622aa4ec09503c
SHA256 2a00f41bbc3680807042fc258f63519105220053fb2773e7d35480515fad9233
SHA512 72e266eb1ce5cbbcfd1d2a6f864538efd80b3ed844e003e2bd9566708fee0919447290a3b559ea27c32794f97a629a8fe8fc879654ffa609fca5c053dac70c69

C:\Users\Admin\AppData\Local\Temp\_MEI27842\tk86t.dll

MD5 c33191c40eafd44532eb2d68fa670765
SHA1 a44b786d8c716f574d04dfcb0e1c729b68348d60
SHA256 ff93ffd200748ad93077a7eb36785e250d3defd283e0dd8182ac80c24c9ea3c6
SHA512 a2096685c1516c936c2a2b894c1ebd74e7100aa83710f412b833eb6a4c33cd98f5bf06207c36c6209eafc0084df36e81febf4aaf1e46438fb7985ea9568cd84f

C:\Users\Admin\AppData\Local\Temp\_MEI27842\tcl86t.dll

MD5 c0e0e8b121c5b9ccc3f5102332bacff1
SHA1 2a16f8c6c5143cb70bf249f868d0b71a7b6a2116
SHA256 64aadb6388329d7d3387718fdad5d7591b7b091981c60865a44a4f7ec57c2705
SHA512 290d538f7906ecf71302ffa65335bc8f9509a25d7e0ea73a9e955e833db539b7810818b663f82aa0cc4703e6f283e3dadc2e3630dd83a204e21dc064c2ebdff1

C:\Users\Admin\AppData\Local\Temp\_MEI27842\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI27842\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI27842\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI27842\SDL2.dll

MD5 ec3c1d17b379968a4890be9eaab73548
SHA1 7dbc6acee3b9860b46c0290a9b94a344d1927578
SHA256 aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f
SHA512 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

C:\Users\Admin\AppData\Local\Temp\_MEI27842\pyexpat.pyd

MD5 6810aa3025fd93097754a065bc79b33c
SHA1 1eab6b78c7e9d16183e6c11ed7e7a735f864b459
SHA256 a78bcf88e566f9ccf8861fa5be8036b2a6e457945b79bfca24358e92ef30cd6a
SHA512 a24fc0293c671c27e53ae4094d53919f87300d6da0b06001ce7909276aa5202050ec5f3c34ce56af9bb44ad13c85b3e5a3457b4fe069c208cea0112f2333aae6

C:\Users\Admin\AppData\Local\Temp\_MEI27842\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libssl-3.dll

MD5 264be59ff04e5dcd1d020f16aab3c8cb
SHA1 2d7e186c688b34fdb4c85a3fce0beff39b15d50e
SHA256 358b59da9580e7102adfc1be9400acea18bc49474db26f2f8bacb4b8839ce49d
SHA512 9abb96549724affb2e69e5cb2c834ecea3f882f2f7392f2f8811b8b0db57c5340ab21be60f1798c7ab05f93692eb0aeab077caf7e9b7bb278ad374ff3c52d248

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI27842\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

memory/3856-1382-0x00007FFA4AC30000-0x00007FFA4AC5D000-memory.dmp

memory/3856-1381-0x00007FFA4BB40000-0x00007FFA4BB5A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27842\_lzma.pyd

MD5 bad668bbf4f0d15429f66865af4c117b
SHA1 2a85c44d2e6aa09ce6c11f2d548b068c20b7b7f8
SHA256 45b1fcdf4f3f97f9881aaa98b00046c4045b897f4095462c0bc4631dbadac486
SHA512 798470b87f5a91b9345092593fc40c08ab36f1684eee77654d4058b37b62b40ec0deb4ac36d9be3bb7f69adfdf207bf150820cdbc27f98b0fa718ec394da7c51

memory/3856-1379-0x00007FFA4FDE0000-0x00007FFA4FDEF000-memory.dmp

memory/3856-1378-0x00007FFA4AC60000-0x00007FFA4AC85000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27842\select.pyd

MD5 33722c8cd45091d31aef81d8a1b72fa8
SHA1 e9043d440235d244ff9934e9694c5550cae2d5ab
SHA256 366fca0b27a34835129086c8cde1e75c309849e37091db4adeda1be508f2ee12
SHA512 74217abec2727baaa5138e1b1c4bac7d0ca574cf5a377396fc1ca0d3c07beb8aaa374e8060d2b5f707426312c11e0a34527ee0190e979e996f3b822efa24852f

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI27842\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI27842\base_library.zip

MD5 763d1a751c5d47212fbf0caea63f46f5
SHA1 845eaa1046a47b5cf376b3dbefcf7497af25f180
SHA256 378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7
SHA512 bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

memory/3856-1429-0x00007FFA4AC20000-0x00007FFA4AC2D000-memory.dmp

memory/3856-1428-0x00007FFA4ACE0000-0x00007FFA4ACF9000-memory.dmp

memory/3856-1431-0x00007FFA46FF0000-0x00007FFA47023000-memory.dmp

memory/3856-1433-0x00007FFA34EB0000-0x00007FFA35575000-memory.dmp

memory/3856-1434-0x00007FFA465B0000-0x00007FFA4667D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27842\charset_normalizer\md.cp312-win_amd64.pyd

MD5 ea68b13d83a5c7521453120dd7bd4dfc
SHA1 182d77f89ceb44b524b9d53d6480343f9670fc9c
SHA256 c3d31f8842c002085e2d7aa43856c2297d6740f70450c2c4bf80dc1d8360cbc7
SHA512 41d3eddc57ee9c643ab28a6e0286cd39c2724a9d1bdf24d75d1dd3ec7900396768e6afa4702272b051627855bdcb12fac8d8834d1d1ddf1638c769c89c2b488d

memory/3856-1441-0x00007FFA46FC0000-0x00007FFA46FE7000-memory.dmp

memory/3856-1440-0x00007FFA46490000-0x00007FFA465AA000-memory.dmp

memory/3856-1439-0x00007FFA49AA0000-0x00007FFA49AAB000-memory.dmp

memory/3856-1438-0x00007FFA49AB0000-0x00007FFA49ABD000-memory.dmp

memory/3856-1442-0x00007FFA411B0000-0x00007FFA416D9000-memory.dmp

memory/3856-1461-0x00007FFA46D10000-0x00007FFA46D1C000-memory.dmp

memory/3856-1460-0x00007FFA4BA80000-0x00007FFA4BA94000-memory.dmp

memory/3856-1459-0x00007FFA46470000-0x00007FFA46482000-memory.dmp

memory/3856-1458-0x00007FFA46D20000-0x00007FFA46D2D000-memory.dmp

memory/3856-1457-0x00007FFA46D30000-0x00007FFA46D3C000-memory.dmp

memory/3856-1456-0x00007FFA46F90000-0x00007FFA46F9B000-memory.dmp

memory/3856-1455-0x00007FFA46D40000-0x00007FFA46D4C000-memory.dmp

memory/3856-1454-0x00007FFA46D50000-0x00007FFA46D5B000-memory.dmp

memory/3856-1453-0x00007FFA46D60000-0x00007FFA46D6B000-memory.dmp

memory/3856-1452-0x00007FFA46D70000-0x00007FFA46D7C000-memory.dmp

memory/3856-1451-0x00007FFA46D80000-0x00007FFA46D8E000-memory.dmp

memory/3856-1450-0x00007FFA46D90000-0x00007FFA46D9C000-memory.dmp

memory/3856-1449-0x00007FFA46DA0000-0x00007FFA46DAC000-memory.dmp

memory/3856-1448-0x00007FFA46EC0000-0x00007FFA46ECB000-memory.dmp

memory/3856-1447-0x00007FFA46F50000-0x00007FFA46F5C000-memory.dmp

memory/3856-1446-0x00007FFA46F60000-0x00007FFA46F6B000-memory.dmp

memory/3856-1445-0x00007FFA46F70000-0x00007FFA46F7C000-memory.dmp

memory/3856-1444-0x00007FFA46F80000-0x00007FFA46F8B000-memory.dmp

memory/3856-1443-0x00007FFA46FB0000-0x00007FFA46FBF000-memory.dmp

memory/3856-1464-0x00007FFA46410000-0x00007FFA46424000-memory.dmp

memory/3856-1463-0x00007FFA46430000-0x00007FFA46442000-memory.dmp

memory/3856-1462-0x00007FFA46450000-0x00007FFA46466000-memory.dmp

memory/3856-1466-0x00007FFA463E0000-0x00007FFA46402000-memory.dmp

memory/3856-1465-0x00007FFA46FF0000-0x00007FFA47023000-memory.dmp

memory/3856-1471-0x00007FFA46190000-0x00007FFA461A1000-memory.dmp

memory/3856-1470-0x00007FFA461B0000-0x00007FFA461FD000-memory.dmp

memory/3856-1469-0x00007FFA46310000-0x00007FFA46329000-memory.dmp

memory/3856-1468-0x00007FFA463B0000-0x00007FFA463C7000-memory.dmp

memory/3856-1467-0x00007FFA465B0000-0x00007FFA4667D000-memory.dmp

memory/3856-1472-0x00007FFA46490000-0x00007FFA465AA000-memory.dmp

memory/3856-1473-0x00007FFA46170000-0x00007FFA4618E000-memory.dmp

memory/3856-1479-0x00007FFA423D0000-0x00007FFA423FE000-memory.dmp

memory/3856-1478-0x00007FFA46FB0000-0x00007FFA46FBF000-memory.dmp

memory/3856-1477-0x00007FFA428F0000-0x00007FFA42919000-memory.dmp

memory/3856-1476-0x00007FFA460D0000-0x00007FFA46108000-memory.dmp

memory/3856-1475-0x00007FFA46110000-0x00007FFA4616D000-memory.dmp

memory/3856-1474-0x00007FFA46FC0000-0x00007FFA46FE7000-memory.dmp

memory/3856-1481-0x00007FFA34B60000-0x00007FFA34CDF000-memory.dmp

memory/3856-1480-0x00007FFA423A0000-0x00007FFA423C4000-memory.dmp

memory/3856-1487-0x00007FFA42370000-0x00007FFA4237C000-memory.dmp

memory/3856-1486-0x00007FFA42380000-0x00007FFA4238B000-memory.dmp

memory/3856-1485-0x00007FFA42390000-0x00007FFA4239C000-memory.dmp

memory/3856-1484-0x00007FFA42BC0000-0x00007FFA42BCB000-memory.dmp

memory/3856-1483-0x00007FFA42E20000-0x00007FFA42E2B000-memory.dmp

memory/3856-1482-0x00007FFA460B0000-0x00007FFA460C8000-memory.dmp

memory/3856-1494-0x00007FFA461B0000-0x00007FFA461FD000-memory.dmp

memory/3856-1506-0x00007FFA41090000-0x00007FFA4109C000-memory.dmp

memory/3856-1505-0x00007FFA423A0000-0x00007FFA423C4000-memory.dmp

memory/3856-1504-0x00007FFA410A0000-0x00007FFA410B2000-memory.dmp

memory/3856-1503-0x00007FFA34B60000-0x00007FFA34CDF000-memory.dmp

memory/3856-1502-0x00007FFA410C0000-0x00007FFA410CD000-memory.dmp

memory/3856-1501-0x00007FFA410D0000-0x00007FFA410DC000-memory.dmp

memory/3856-1500-0x00007FFA423D0000-0x00007FFA423FE000-memory.dmp

memory/3856-1499-0x00007FFA428F0000-0x00007FFA42919000-memory.dmp

memory/3856-1498-0x00007FFA41100000-0x00007FFA4110C000-memory.dmp

memory/3856-1497-0x00007FFA41110000-0x00007FFA4111B000-memory.dmp

memory/3856-1496-0x00007FFA41120000-0x00007FFA4112B000-memory.dmp

memory/3856-1495-0x00007FFA41130000-0x00007FFA4113C000-memory.dmp

memory/3856-1493-0x00007FFA463B0000-0x00007FFA463C7000-memory.dmp

memory/3856-1492-0x00007FFA41150000-0x00007FFA4115C000-memory.dmp

memory/3856-1491-0x00007FFA41140000-0x00007FFA4114E000-memory.dmp

memory/3856-1490-0x00007FFA418A0000-0x00007FFA418AC000-memory.dmp

memory/3856-1489-0x00007FFA42360000-0x00007FFA4236B000-memory.dmp

memory/3856-1488-0x00007FFA463E0000-0x00007FFA46402000-memory.dmp

memory/3856-1507-0x00007FFA3C3F0000-0x00007FFA3C426000-memory.dmp

memory/3856-1508-0x00007FFA34880000-0x00007FFA34B60000-memory.dmp

memory/3856-1509-0x00007FFA32780000-0x00007FFA34873000-memory.dmp

memory/3856-1512-0x00007FFA326E0000-0x00007FFA32779000-memory.dmp

memory/3856-1511-0x00007FFA3B460000-0x00007FFA3B481000-memory.dmp

memory/3856-1510-0x00007FFA3C3D0000-0x00007FFA3C3E7000-memory.dmp

memory/3856-1521-0x00007FFA32620000-0x00007FFA326D2000-memory.dmp

memory/3856-1520-0x00007FFA35670000-0x00007FFA3568C000-memory.dmp

memory/3856-1519-0x00007FFA3B0D0000-0x00007FFA3B0E9000-memory.dmp

memory/3856-1518-0x00007FFA35650000-0x00007FFA35664000-memory.dmp

memory/3856-1517-0x00007FFA3B160000-0x00007FFA3B17A000-memory.dmp

memory/3856-1516-0x00007FFA35690000-0x00007FFA356D1000-memory.dmp

memory/3856-1515-0x00007FFA39DE0000-0x00007FFA39E11000-memory.dmp

memory/3856-1514-0x00007FFA3B180000-0x00007FFA3B1B0000-memory.dmp

memory/3856-1513-0x00007FFA3B1B0000-0x00007FFA3B1D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_epnlnve4.ysd.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3856-1587-0x00007FFA461B0000-0x00007FFA461FD000-memory.dmp

memory/3856-1586-0x00007FFA46310000-0x00007FFA46329000-memory.dmp

memory/3856-1561-0x00007FFA46FC0000-0x00007FFA46FE7000-memory.dmp

memory/3856-1558-0x00007FFA465B0000-0x00007FFA4667D000-memory.dmp

memory/3856-1557-0x00007FFA46FF0000-0x00007FFA47023000-memory.dmp

memory/3856-1555-0x00007FFA4ACE0000-0x00007FFA4ACF9000-memory.dmp

memory/3856-1554-0x00007FFA411B0000-0x00007FFA416D9000-memory.dmp

memory/3856-1552-0x00007FFA4AC30000-0x00007FFA4AC5D000-memory.dmp

memory/3856-1548-0x00007FFA34EB0000-0x00007FFA35575000-memory.dmp

memory/3856-1585-0x00007FFA463B0000-0x00007FFA463C7000-memory.dmp

memory/3856-1584-0x00007FFA463E0000-0x00007FFA46402000-memory.dmp

memory/3856-1582-0x00007FFA46430000-0x00007FFA46442000-memory.dmp

memory/3856-1581-0x00007FFA46450000-0x00007FFA46466000-memory.dmp

memory/3856-1578-0x00007FFA46D20000-0x00007FFA46D2D000-memory.dmp

memory/3856-1571-0x00007FFA46D90000-0x00007FFA46D9C000-memory.dmp

memory/3856-1565-0x00007FFA46F80000-0x00007FFA46F8B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI38922\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

MD5 3b83ef96387f14655fc854ddc3c6bd57
SHA1 2b8b815229aa8a61e483fb4ba0588b8b6c491890
SHA256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30
SHA512 98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

C:\Users\Admin\AppData\Local\Temp\_MEI38922\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

MD5 0ba8d736b7b4ab182687318b0497e61e
SHA1 311ba5ffd098689179f299ef20768ee1a29f586d
SHA256 d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103
SHA512 7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

C:\Users\Admin\AppData\Local\Temp\_MEI38922\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

MD5 24019423ea7c0c2df41c8272a3791e7b
SHA1 aae9ecfb44813b68ca525ba7fa0d988615399c86
SHA256 1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e
SHA512 09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

memory/3924-3042-0x00007FFA46FF0000-0x00007FFA47023000-memory.dmp

memory/3924-3055-0x00007FFA46DA0000-0x00007FFA46DAC000-memory.dmp

memory/3924-3054-0x00007FFA46EC0000-0x00007FFA46ECB000-memory.dmp

memory/3924-3053-0x00007FFA46F50000-0x00007FFA46F5C000-memory.dmp

memory/3924-3052-0x00007FFA46F60000-0x00007FFA46F6B000-memory.dmp

memory/3924-3051-0x00007FFA46F70000-0x00007FFA46F7C000-memory.dmp

memory/3924-3050-0x00007FFA46F80000-0x00007FFA46F8B000-memory.dmp

memory/3924-3049-0x00007FFA46F90000-0x00007FFA46F9B000-memory.dmp

memory/3924-3048-0x00007FFA46FB0000-0x00007FFA46FBF000-memory.dmp

memory/3924-3047-0x00007FFA46490000-0x00007FFA465AA000-memory.dmp

memory/3924-3046-0x00007FFA46FC0000-0x00007FFA46FE7000-memory.dmp

memory/3924-3045-0x00007FFA49AA0000-0x00007FFA49AAB000-memory.dmp

memory/3924-3044-0x00007FFA49AB0000-0x00007FFA49ABD000-memory.dmp

memory/3924-3043-0x00007FFA465B0000-0x00007FFA4667D000-memory.dmp

memory/3924-3039-0x00007FFA411B0000-0x00007FFA416D9000-memory.dmp

memory/3924-3038-0x00007FFA4BA80000-0x00007FFA4BA94000-memory.dmp

memory/3924-3033-0x00007FFA34EB0000-0x00007FFA35575000-memory.dmp

memory/3924-3041-0x00007FFA4AC20000-0x00007FFA4AC2D000-memory.dmp

memory/3924-3040-0x00007FFA4ACE0000-0x00007FFA4ACF9000-memory.dmp

memory/3924-3037-0x00007FFA4AC30000-0x00007FFA4AC5D000-memory.dmp

memory/3924-3036-0x00007FFA4BB40000-0x00007FFA4BB5A000-memory.dmp

memory/3924-3035-0x00007FFA4FDE0000-0x00007FFA4FDEF000-memory.dmp

memory/3924-3034-0x00007FFA4AC60000-0x00007FFA4AC85000-memory.dmp