Malware Analysis Report

2024-11-30 13:06

Sample ID 230724-1xqtnahh3y
Target Ocean.exe
SHA256 4479ecf339918676ca7d443c207be60f891b3420542f293668f9fe303940b1dc
Tags pyinstaller upx
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4479ecf339918676ca7d443c207be60f891b3420542f293668f9fe303940b1dc

Threat Level: Shows suspicious behavior

The file Ocean.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller upx

Loads dropped DLL

UPX packed file

Detects Pyinstaller

Unsigned PE

Program crash

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-07-24 22:02

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-24 22:02

Reported

2023-07-24 22:04

Platform

win7-20230712-en

Max time kernel

140s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2168 -s 492

Network

Country Destination Domain Proto
US 8.8.8.8:53 anticheat.site udp
US 172.67.163.206:443 anticheat.site tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21842\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\charset_normalizer\md.cp38-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\charset_normalizer\md__mypyc.cp38-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\dearpygui\_dearpygui.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\MSVCP140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\dearpygui\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\certifi\cacert.pem

C:\Users\Admin\AppData\Local\Temp\_MEI21842\semen.ttf

C:\Users\Admin\AppData\Local\Temp\_MEI21842\bg.png

C:\Users\Admin\AppData\Local\Temp\_MEI21842\IB.ttf

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-24 22:02

Reported

2023-07-24 22:04

Platform

win10v2004-20230703-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1328 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 anticheat.site udp
US 172.67.163.206:443 anticheat.site tcp
US 8.8.8.8:53 206.163.67.172.in-addr.arpa udp
US 8.8.8.8:53 76.214.17.2.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 126.50.247.8.in-addr.arpa udp
US 8.8.8.8:53 254.209.247.8.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 76.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI13282\python38.dll

MD5 7ab78070ca047f134156169c60cca0a3
SHA1 f3fe769a202936d4c533a643f9a8b7cbdda61ca4
SHA256 c57bd27215609eca66bea7f88f4b5ce3bf39486dfdbab7d5c684270507627d22
SHA512 2f3cd43beb3e0e1ea1581337289566159a707f3314852dc88c0353a65dd4a6d549aac1ea66974893ec99a3c1e28b932d7d3ab9e612d102cb6211772f594181f1

C:\Users\Admin\AppData\Local\Temp\_MEI13282\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI13282\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI13282\python38.dll

MD5 7ab78070ca047f134156169c60cca0a3
SHA1 f3fe769a202936d4c533a643f9a8b7cbdda61ca4
SHA256 c57bd27215609eca66bea7f88f4b5ce3bf39486dfdbab7d5c684270507627d22
SHA512 2f3cd43beb3e0e1ea1581337289566159a707f3314852dc88c0353a65dd4a6d549aac1ea66974893ec99a3c1e28b932d7d3ab9e612d102cb6211772f594181f1

memory/4164-163-0x00007FF824680000-0x00007FF824AC5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\base_library.zip

MD5 ffdfd8182d9d13d60579265b9f75b47d
SHA1 a10f0311f56ad8779f7f9d427e4898973b02c211
SHA256 1e8b6d77d6f9c3c42f2b82a4eccf47ecb3ee02cf518008598722c94c32f9eac0
SHA512 e51cf25721bd402b8cd62f289a7a4253e28172788a07780bb8e30184e9abf848420a7d12f8636ee379cb4f7b7b68db59751efddb152aa4a291aa3f3c4ef169f8

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ctypes.pyd

MD5 332d773008e12399ab98d085cd60c583
SHA1 c3aa78e9ba7732b989a3cab996e63791eaf46a7f
SHA256 19b813bcd356f37e73fe7d367051eb0bd901f2bd14ca8ad4662b1503b1459cea
SHA512 381c2083ccfdb39f3986060b21ff168ee87cfafc4ad53b34de3ae473a4fc0204615af87e9ee69407d07528064c7b2a7d9f23a94939de0e26c614169b8cc418aa

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ctypes.pyd

MD5 332d773008e12399ab98d085cd60c583
SHA1 c3aa78e9ba7732b989a3cab996e63791eaf46a7f
SHA256 19b813bcd356f37e73fe7d367051eb0bd901f2bd14ca8ad4662b1503b1459cea
SHA512 381c2083ccfdb39f3986060b21ff168ee87cfafc4ad53b34de3ae473a4fc0204615af87e9ee69407d07528064c7b2a7d9f23a94939de0e26c614169b8cc418aa

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/4164-167-0x00007FF82ADB0000-0x00007FF82ADD7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/4164-170-0x00007FF8381B0000-0x00007FF8381BF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_socket.pyd

MD5 15a40afe3a6a996da1ed9c9eb13362b8
SHA1 fb7a8827fd244642a1bda9e863e8a1137a791554
SHA256 55c9f10d31037738da2110bb88074cf4b6d65e256c9411560000330ed27704c1
SHA512 f75213237180fe0395908f5e272217f8287a19083a00d23c5934061f27e07e00b5130ccd44453c2633b2406433d3e537f45923e4712ef420bb60cc9307030990

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_socket.pyd

MD5 15a40afe3a6a996da1ed9c9eb13362b8
SHA1 fb7a8827fd244642a1bda9e863e8a1137a791554
SHA256 55c9f10d31037738da2110bb88074cf4b6d65e256c9411560000330ed27704c1
SHA512 f75213237180fe0395908f5e272217f8287a19083a00d23c5934061f27e07e00b5130ccd44453c2633b2406433d3e537f45923e4712ef420bb60cc9307030990

memory/4164-176-0x00007FF833FE0000-0x00007FF833FED000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\select.pyd

MD5 bfce179b385145f6c0cb73aac30318c1
SHA1 ff59ab14cbeb00a9c68369d998b101102673b6e2
SHA256 04f0936ec038ff18927b5def896db658b64f6dc9e6275e6ad03a7436d4f9a80a
SHA512 a82ed3398c4f1c0d0ab8a5f5e75735d6d05d6f02c9b0a97edb478482a0f3bee0f49fea35c5afdfe373c33ade510d0ebff8dd02b0131d961be7e5b5ddcbfdb88f

C:\Users\Admin\AppData\Local\Temp\_MEI13282\select.pyd

MD5 bfce179b385145f6c0cb73aac30318c1
SHA1 ff59ab14cbeb00a9c68369d998b101102673b6e2
SHA256 04f0936ec038ff18927b5def896db658b64f6dc9e6275e6ad03a7436d4f9a80a
SHA512 a82ed3398c4f1c0d0ab8a5f5e75735d6d05d6f02c9b0a97edb478482a0f3bee0f49fea35c5afdfe373c33ade510d0ebff8dd02b0131d961be7e5b5ddcbfdb88f

memory/4164-173-0x00007FF833560000-0x00007FF83357A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ssl.pyd

MD5 a61613b2a31fb6c1d0f11a2ab42c3a9e
SHA1 a51069c3aeb3c7c8d802cf076005b1c1717ca12a
SHA256 1b39eac9d666211e670e37420d9fd43516695e7ef53832f4dbd86b6e97fc9bf3
SHA512 a35283c7fb47e79580917252cb08329c5f302a77322ffd8a0fe5cd8c081130c5fa28c5e7eb3d7eb8c6d0dca25a7d423cb303ab2ec82296eac41c91e38369ccaf

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libcrypto-1_1.dll

MD5 eb33b1a0a12a1bfcb69fd2467f5c6b8c
SHA1 d30782a6bed3fd889846787d733d14519d757808
SHA256 e631bfe0b26a864f61311a03bf1f0819abdffc7bc00d14d263714f934a085069
SHA512 bee2412914003ad4697d6a22cfe7550de0e13c2a16dc5c8c1528ce361a84f987e8d43f58f0eabdacf6a09a01f7edf04b310dce41f02c4e809b04446d8dff40e2

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_ssl.pyd

MD5 a61613b2a31fb6c1d0f11a2ab42c3a9e
SHA1 a51069c3aeb3c7c8d802cf076005b1c1717ca12a
SHA256 1b39eac9d666211e670e37420d9fd43516695e7ef53832f4dbd86b6e97fc9bf3
SHA512 a35283c7fb47e79580917252cb08329c5f302a77322ffd8a0fe5cd8c081130c5fa28c5e7eb3d7eb8c6d0dca25a7d423cb303ab2ec82296eac41c91e38369ccaf

memory/4164-181-0x00007FF8258F0000-0x00007FF82591D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libcrypto-1_1.dll

MD5 eb33b1a0a12a1bfcb69fd2467f5c6b8c
SHA1 d30782a6bed3fd889846787d733d14519d757808
SHA256 e631bfe0b26a864f61311a03bf1f0819abdffc7bc00d14d263714f934a085069
SHA512 bee2412914003ad4697d6a22cfe7550de0e13c2a16dc5c8c1528ce361a84f987e8d43f58f0eabdacf6a09a01f7edf04b310dce41f02c4e809b04446d8dff40e2

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libcrypto-1_1.dll

MD5 eb33b1a0a12a1bfcb69fd2467f5c6b8c
SHA1 d30782a6bed3fd889846787d733d14519d757808
SHA256 e631bfe0b26a864f61311a03bf1f0819abdffc7bc00d14d263714f934a085069
SHA512 bee2412914003ad4697d6a22cfe7550de0e13c2a16dc5c8c1528ce361a84f987e8d43f58f0eabdacf6a09a01f7edf04b310dce41f02c4e809b04446d8dff40e2

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libssl-1_1.dll

MD5 88803aac099cccf4af3496bfabdc8865
SHA1 3eee4e685e0084f13935870be3e2c7dddb1975e4
SHA256 c524b961d036c9e95ae4d9e40e8b4f897a4f0772cf1d78ac0287af84fe918cad
SHA512 50bd41771e50e9c20ad871be9433f6e88c3cd799a6f64d7ad19265228468a8572904ec2d9b3b8ff053b23230ec1326a175df09cb0380e60d8efdd11ab446f8fd

memory/4164-185-0x00000271C1DD0000-0x00000271C213F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\libssl-1_1.dll

MD5 88803aac099cccf4af3496bfabdc8865
SHA1 3eee4e685e0084f13935870be3e2c7dddb1975e4
SHA256 c524b961d036c9e95ae4d9e40e8b4f897a4f0772cf1d78ac0287af84fe918cad
SHA512 50bd41771e50e9c20ad871be9433f6e88c3cd799a6f64d7ad19265228468a8572904ec2d9b3b8ff053b23230ec1326a175df09cb0380e60d8efdd11ab446f8fd

memory/4164-186-0x00007FF823CA0000-0x00007FF82400F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_queue.pyd

MD5 7a9eab9b45b38b485ad540fcd60fd1c2
SHA1 8fc5679207187b8e37f73c3826a0f1cef06bc7d9
SHA256 3e97629db46d159db614a2af447a8fcd3cdea807d7bdb8b32adadb372b8ed3ae
SHA512 1fa6745b5b9444d9afee8e8852b8baf6790c40d6af9c8ace0aa5b5a242c1825cf7eee467515270c55833d11878b1d6e36e67aad3090a2bd7d504f8cc75d3e81d

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_hashlib.pyd

MD5 7a323c4fce36ab53da167e4074a68a77
SHA1 78a0e1ebbc7b357dbd37fcee32589c4d0dc94dfe
SHA256 07419b0862edabe485317c199ee61b4de838ec730789b12b8d660b6a1e5aaf76
SHA512 8dad82fa63917ff035271e8ed73c9f2ecdf5414e98d48a144f302c68cb16ea6d8dacf4fbfe11458b5d78715089ebaa45cd157ad53fb7989fd2fa81afce39e49a

C:\Users\Admin\AppData\Local\Temp\_MEI13282\charset_normalizer\md__mypyc.cp38-win_amd64.pyd

MD5 0bacf957fb8cad0d18edca25b5c1b4f3
SHA1 43a0b66ccdffe2d9964d90cd4937aae5e1c178b6
SHA256 3ff54f72d6dc73bb795e5fb1b6b38831d87d2dc17769a22c37ffd2a11526c08f
SHA512 26f385bff31f64901c2297f9e27c1e6dbab16cc1d3a61e67ba5ee61eee28b2b6a6bf9d75050426b277d1121aa154b5c3436141bdf4567d5c01d7261a62a6c0c2

C:\Users\Admin\AppData\Local\Temp\_MEI13282\unicodedata.pyd

MD5 f9486e61971743562e9cdfac3b26b9b8
SHA1 827cc385d614535a17c37a899017e95abee90384
SHA256 d35630ac31c32ceb5098eb2e63b029ebee37167c6da320f07574a244a8336554
SHA512 5bac1699c2b11fba9a25112672dc30f2dd7a1058161066939667f467470cddacf6e8ddbb0afaab0395bcbffe67743231640cd70acb9dcad2645743f5f0dbcff5

C:\Users\Admin\AppData\Local\Temp\_MEI13282\charset_normalizer\md.cp38-win_amd64.pyd

MD5 c3988e124508410346090e29d84b71ef
SHA1 5d4dbcd4ea2338b6869bf47d7d03be25705651b6
SHA256 d700d5aa7a28d5edd81369c1d8739c6f53ad1e3db960454948e1c5d8722f87f4
SHA512 f50d5ba31c7be1bf1aa2812cca7ecf3794658a038486ab91e481aa4ae60a47c4a016565a892fcf3a6117490472f90a1d42b660a2c390fb241e28258c243b9bf6

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_bz2.pyd

MD5 5f464b4f06dfe3ab504169ffdc7f53ae
SHA1 2942cf1f492213842d7bb8e8198355d3607b2f3b
SHA256 0dd68268a9d47ce935ff932c3fe281e7a6d57e9cd424299d05560e56a773ef4b
SHA512 d66c3c238a1ebdfb6f81436f8d0481f3ed8a0ff1212e3efe466d6820e36db50c31dcdb1019e46dcedb753149a6cef3f9485fc232f3dd42b96b7b0604dbad6040

C:\Users\Admin\AppData\Local\Temp\_MEI13282\_lzma.pyd

MD5 6cf80dca091dad17790a6b1af4e85381
SHA1 bcb4052a4f960b429eb9db019734fc00b41c4427
SHA256 2b41390d1bffa9c5b7018bc0544b0a2c188ecb9b00ebc56df5a864dc47e32697
SHA512 da00f86c7a4168fa46faec79605831d26e4c86dd1d009b89f5087ac756bdfc32e0c036471639131eb881bcc53b8f1f92d947f3ef47f3dc7e56bb2e99d1357cf3

C:\Users\Admin\AppData\Local\Temp\_MEI13282\dearpygui\_dearpygui.pyd

MD5 daf684cb065ff66b470453f1aee06e68
SHA1 c96fd8d2e4e2b1e163d1470c37764340ef4226f5
SHA256 9ffe47ace8f41c52b017f4259cd522e3b85bb83b2b8b133c1a9b20118112a113
SHA512 7c9ab17aeb7311faaa4a499210a641b84b194ef48d06a97af89e60b3ab331c941327c745264ab325438f4be09df0820b45ea2de4941f3374481d8a42c7c3d059

C:\Users\Admin\AppData\Local\Temp\_MEI13282\dearpygui\VCRUNTIME140_1.dll

MD5 ab03551e4ef279abed2d8c4b25f35bb8
SHA1 09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e
SHA256 f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44
SHA512 0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

C:\Users\Admin\AppData\Local\Temp\_MEI13282\MSVCP140.dll

MD5 1ba6d1cf0508775096f9e121a24e5863
SHA1 df552810d779476610da3c8b956cc921ed6c91ae
SHA256 74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
SHA512 9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

C:\Users\Admin\AppData\Local\Temp\_MEI13282\certifi\cacert.pem

MD5 8d0619bfe30deadf6f21196f0f8d53d3
SHA1 e7abd65a8ccafeff6caf6a2ff98d27d24d87c9ad
SHA256 b301535dca491d9814ea28faa320ac7a19d0f5d94237996fa0a3b5a936432514
SHA512 5a88e4a06b98832aaa9bbb89e382f6c7e9b65c5ecba48de8f4ff1fa58bb06a74b9c2f6b2ec185c2a306cb0b5d68d0b28d74b323432a0b2953d8dfc29fed920d7

C:\Users\Admin\AppData\Local\Temp\_MEI13282\bg.png

MD5 8f2f2fc27950af93656697fbf88944fd
SHA1 c3968809e5980294b259f578b7f3d5624461d206
SHA256 70ad6851bb512cdb708d0669f281359b0382441e4d8d00a9309dd04c80419ba9
SHA512 ae5c497e9887d88a810a5c00c6f30b157d35d76af1cfc3dd827c2b3bbeda9303b065d6494db31395f7eadc770259fedae9def26c5fc127469e7457cbef620128

C:\Users\Admin\AppData\Local\Temp\_MEI13282\IB.ttf

MD5 97decd2b78e0890e270894d96efe328f
SHA1 70239218a723b0b34643b62faad0387c205ecac2
SHA256 56419e845e9eb0d8d3cd5c860dcbc23eb24fed38674878a89e6e82f2529c711b
SHA512 f32ac87b46260f76c9ae6aeff733ae5bfbc44fe997333e5f73e2cf958bdf1ce1461b284aed817f17fed09550e9419351cf5561ef9263264239301926a37eef22

C:\Users\Admin\AppData\Local\Temp\_MEI13282\semen.ttf

MD5 8d63a82f5fc6d6eba21050dd9111520d
SHA1 03f5c0ff412bc0aac7ef2c1e19edcbdd9b06a609
SHA256 69b1af837d101ab90b003d61d4ccc5e5320a6dcaefeb69906fa31c01a06e5837
SHA512 7ab78f5da477103cd0b860668fa4ddf252775adcab732de61c1e5cf89fedaa8c8043aeadca1a0b325756b437748bf8bec07f70dba111e108c22bd90e9041cfe9
