Analysis Overview
SHA256
4479ecf339918676ca7d443c207be60f891b3420542f293668f9fe303940b1dc
Threat Level: Shows suspicious behavior
The file Ocean.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
UPX packed file
Detects Pyinstaller
Unsigned PE
Program crash
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-07-24 22:02
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-24 22:02
Reported
2023-07-24 22:04
Platform
win7-20230712-en
Max time kernel
140s
Max time network
122s
Command Line
Signatures
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Ocean.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Users\Admin\AppData\Local\Temp\Ocean.exe |
| PID 2184 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Users\Admin\AppData\Local\Temp\Ocean.exe |
| PID 2184 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Users\Admin\AppData\Local\Temp\Ocean.exe |
| PID 2168 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Windows\system32\WerFault.exe |
| PID 2168 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Windows\system32\WerFault.exe |
| PID 2168 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Ocean.exe
"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"
C:\Users\Admin\AppData\Local\Temp\Ocean.exe
"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2168 -s 492
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | anticheat.site | udp |
| US | 172.67.163.206:443 | anticheat.site | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-24 22:02
Reported
2023-07-24 22:04
Platform
win10v2004-20230703-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1328 wrote to memory of 4164 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Users\Admin\AppData\Local\Temp\Ocean.exe |
| PID 1328 wrote to memory of 4164 | N/A | C:\Users\Admin\AppData\Local\Temp\Ocean.exe | C:\Users\Admin\AppData\Local\Temp\Ocean.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Ocean.exe
"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"
C:\Users\Admin\AppData\Local\Temp\Ocean.exe
"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anticheat.site | udp |
| US | 172.67.163.206:443 | anticheat.site | tcp |
| US | 8.8.8.8:53 | 206.163.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.214.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.50.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.209.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI13282\python38.dll
| MD5 | 7ab78070ca047f134156169c60cca0a3 |
| SHA1 | f3fe769a202936d4c533a643f9a8b7cbdda61ca4 |
| SHA256 | c57bd27215609eca66bea7f88f4b5ce3bf39486dfdbab7d5c684270507627d22 |
| SHA512 | 2f3cd43beb3e0e1ea1581337289566159a707f3314852dc88c0353a65dd4a6d549aac1ea66974893ec99a3c1e28b932d7d3ab9e612d102cb6211772f594181f1 |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\python38.dll
| MD5 | 7ab78070ca047f134156169c60cca0a3 |
| SHA1 | f3fe769a202936d4c533a643f9a8b7cbdda61ca4 |
| SHA256 | c57bd27215609eca66bea7f88f4b5ce3bf39486dfdbab7d5c684270507627d22 |
| SHA512 | 2f3cd43beb3e0e1ea1581337289566159a707f3314852dc88c0353a65dd4a6d549aac1ea66974893ec99a3c1e28b932d7d3ab9e612d102cb6211772f594181f1 |
memory/4164-163-0x00007FF824680000-0x00007FF824AC5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI13282\base_library.zip
| MD5 | ffdfd8182d9d13d60579265b9f75b47d |
| SHA1 | a10f0311f56ad8779f7f9d427e4898973b02c211 |
| SHA256 | 1e8b6d77d6f9c3c42f2b82a4eccf47ecb3ee02cf518008598722c94c32f9eac0 |
| SHA512 | e51cf25721bd402b8cd62f289a7a4253e28172788a07780bb8e30184e9abf848420a7d12f8636ee379cb4f7b7b68db59751efddb152aa4a291aa3f3c4ef169f8 |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ctypes.pyd
| MD5 | 332d773008e12399ab98d085cd60c583 |
| SHA1 | c3aa78e9ba7732b989a3cab996e63791eaf46a7f |
| SHA256 | 19b813bcd356f37e73fe7d367051eb0bd901f2bd14ca8ad4662b1503b1459cea |
| SHA512 | 381c2083ccfdb39f3986060b21ff168ee87cfafc4ad53b34de3ae473a4fc0204615af87e9ee69407d07528064c7b2a7d9f23a94939de0e26c614169b8cc418aa |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ctypes.pyd
| MD5 | 332d773008e12399ab98d085cd60c583 |
| SHA1 | c3aa78e9ba7732b989a3cab996e63791eaf46a7f |
| SHA256 | 19b813bcd356f37e73fe7d367051eb0bd901f2bd14ca8ad4662b1503b1459cea |
| SHA512 | 381c2083ccfdb39f3986060b21ff168ee87cfafc4ad53b34de3ae473a4fc0204615af87e9ee69407d07528064c7b2a7d9f23a94939de0e26c614169b8cc418aa |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\libffi-7.dll
| MD5 | 6f818913fafe8e4df7fedc46131f201f |
| SHA1 | bbb7ba3edbd4783f7f973d97b0b568cc69cadac5 |
| SHA256 | 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56 |
| SHA512 | 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639 |
memory/4164-167-0x00007FF82ADB0000-0x00007FF82ADD7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI13282\libffi-7.dll
| MD5 | 6f818913fafe8e4df7fedc46131f201f |
| SHA1 | bbb7ba3edbd4783f7f973d97b0b568cc69cadac5 |
| SHA256 | 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56 |
| SHA512 | 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639 |
memory/4164-170-0x00007FF8381B0000-0x00007FF8381BF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_socket.pyd
| MD5 | 15a40afe3a6a996da1ed9c9eb13362b8 |
| SHA1 | fb7a8827fd244642a1bda9e863e8a1137a791554 |
| SHA256 | 55c9f10d31037738da2110bb88074cf4b6d65e256c9411560000330ed27704c1 |
| SHA512 | f75213237180fe0395908f5e272217f8287a19083a00d23c5934061f27e07e00b5130ccd44453c2633b2406433d3e537f45923e4712ef420bb60cc9307030990 |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_socket.pyd
| MD5 | 15a40afe3a6a996da1ed9c9eb13362b8 |
| SHA1 | fb7a8827fd244642a1bda9e863e8a1137a791554 |
| SHA256 | 55c9f10d31037738da2110bb88074cf4b6d65e256c9411560000330ed27704c1 |
| SHA512 | f75213237180fe0395908f5e272217f8287a19083a00d23c5934061f27e07e00b5130ccd44453c2633b2406433d3e537f45923e4712ef420bb60cc9307030990 |
memory/4164-176-0x00007FF833FE0000-0x00007FF833FED000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI13282\select.pyd
| MD5 | bfce179b385145f6c0cb73aac30318c1 |
| SHA1 | ff59ab14cbeb00a9c68369d998b101102673b6e2 |
| SHA256 | 04f0936ec038ff18927b5def896db658b64f6dc9e6275e6ad03a7436d4f9a80a |
| SHA512 | a82ed3398c4f1c0d0ab8a5f5e75735d6d05d6f02c9b0a97edb478482a0f3bee0f49fea35c5afdfe373c33ade510d0ebff8dd02b0131d961be7e5b5ddcbfdb88f |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\select.pyd
| MD5 | bfce179b385145f6c0cb73aac30318c1 |
| SHA1 | ff59ab14cbeb00a9c68369d998b101102673b6e2 |
| SHA256 | 04f0936ec038ff18927b5def896db658b64f6dc9e6275e6ad03a7436d4f9a80a |
| SHA512 | a82ed3398c4f1c0d0ab8a5f5e75735d6d05d6f02c9b0a97edb478482a0f3bee0f49fea35c5afdfe373c33ade510d0ebff8dd02b0131d961be7e5b5ddcbfdb88f |
memory/4164-173-0x00007FF833560000-0x00007FF83357A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ssl.pyd
| MD5 | a61613b2a31fb6c1d0f11a2ab42c3a9e |
| SHA1 | a51069c3aeb3c7c8d802cf076005b1c1717ca12a |
| SHA256 | 1b39eac9d666211e670e37420d9fd43516695e7ef53832f4dbd86b6e97fc9bf3 |
| SHA512 | a35283c7fb47e79580917252cb08329c5f302a77322ffd8a0fe5cd8c081130c5fa28c5e7eb3d7eb8c6d0dca25a7d423cb303ab2ec82296eac41c91e38369ccaf |
C:\Users\Admin\AppData\Local\Temp\_MEI13282\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI13282\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\charset_normalizer\md.cp38-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\dearpygui\_dearpygui.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI13282\dearpygui\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI13282\MSVCP140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI13282\certifi\cacert.pem
C:\Users\Admin\AppData\Local\Temp\_MEI13282\bg.png
C:\Users\Admin\AppData\Local\Temp\_MEI13282\IB.ttf
C:\Users\Admin\AppData\Local\Temp\_MEI13282\semen.ttf