Malware Analysis Report

2024-11-30 13:06

Sample ID 240620-r89lgatamg
Target Ocean.exe
SHA256 4479ecf339918676ca7d443c207be60f891b3420542f293668f9fe303940b1dc
Tags
pyinstaller upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4479ecf339918676ca7d443c207be60f891b3420542f293668f9fe303940b1dc

Threat Level: Shows suspicious behavior

The file Ocean.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller upx

Loads dropped DLL

UPX packed file

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 14:53

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 14:53

Reported

2024-06-20 14:55

Platform

win7-20240419-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2432 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe
PID 2432 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe
PID 2432 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 anticheat.site udp
US 72.52.178.23:443 anticheat.site tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24322\python38.dll

MD5 7ab78070ca047f134156169c60cca0a3
SHA1 f3fe769a202936d4c533a643f9a8b7cbdda61ca4
SHA256 c57bd27215609eca66bea7f88f4b5ce3bf39486dfdbab7d5c684270507627d22
SHA512 2f3cd43beb3e0e1ea1581337289566159a707f3314852dc88c0353a65dd4a6d549aac1ea66974893ec99a3c1e28b932d7d3ab9e612d102cb6211772f594181f1

C:\Users\Admin\AppData\Local\Temp\_MEI24322\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

memory/2748-30-0x000007FEF6370000-0x000007FEF67B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24322\base_library.zip

MD5 ffdfd8182d9d13d60579265b9f75b47d
SHA1 a10f0311f56ad8779f7f9d427e4898973b02c211
SHA256 1e8b6d77d6f9c3c42f2b82a4eccf47ecb3ee02cf518008598722c94c32f9eac0
SHA512 e51cf25721bd402b8cd62f289a7a4253e28172788a07780bb8e30184e9abf848420a7d12f8636ee379cb4f7b7b68db59751efddb152aa4a291aa3f3c4ef169f8

C:\Users\Admin\AppData\Local\Temp\_MEI24322\_ctypes.pyd

MD5 332d773008e12399ab98d085cd60c583
SHA1 c3aa78e9ba7732b989a3cab996e63791eaf46a7f
SHA256 19b813bcd356f37e73fe7d367051eb0bd901f2bd14ca8ad4662b1503b1459cea
SHA512 381c2083ccfdb39f3986060b21ff168ee87cfafc4ad53b34de3ae473a4fc0204615af87e9ee69407d07528064c7b2a7d9f23a94939de0e26c614169b8cc418aa

C:\Users\Admin\AppData\Local\Temp\_MEI24322\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/2748-38-0x000007FEF7CE0000-0x000007FEF7CEF000-memory.dmp

memory/2748-37-0x000007FEF7CF0000-0x000007FEF7D17000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI24322\_socket.pyd

MD5 15a40afe3a6a996da1ed9c9eb13362b8
SHA1 fb7a8827fd244642a1bda9e863e8a1137a791554
SHA256 55c9f10d31037738da2110bb88074cf4b6d65e256c9411560000330ed27704c1
SHA512 f75213237180fe0395908f5e272217f8287a19083a00d23c5934061f27e07e00b5130ccd44453c2633b2406433d3e537f45923e4712ef420bb60cc9307030990

memory/2748-43-0x000007FEF7CB0000-0x000007FEF7CBD000-memory.dmp

memory/2748-42-0x000007FEF7CC0000-0x000007FEF7CDA000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI24322\select.pyd

MD5 bfce179b385145f6c0cb73aac30318c1
SHA1 ff59ab14cbeb00a9c68369d998b101102673b6e2
SHA256 04f0936ec038ff18927b5def896db658b64f6dc9e6275e6ad03a7436d4f9a80a
SHA512 a82ed3398c4f1c0d0ab8a5f5e75735d6d05d6f02c9b0a97edb478482a0f3bee0f49fea35c5afdfe373c33ade510d0ebff8dd02b0131d961be7e5b5ddcbfdb88f

C:\Users\Admin\AppData\Local\Temp\_MEI24322\_ssl.pyd

MD5 a61613b2a31fb6c1d0f11a2ab42c3a9e
SHA1 a51069c3aeb3c7c8d802cf076005b1c1717ca12a
SHA256 1b39eac9d666211e670e37420d9fd43516695e7ef53832f4dbd86b6e97fc9bf3
SHA512 a35283c7fb47e79580917252cb08329c5f302a77322ffd8a0fe5cd8c081130c5fa28c5e7eb3d7eb8c6d0dca25a7d423cb303ab2ec82296eac41c91e38369ccaf

C:\Users\Admin\AppData\Local\Temp\_MEI24322\libcrypto-1_1.dll

MD5 eb33b1a0a12a1bfcb69fd2467f5c6b8c
SHA1 d30782a6bed3fd889846787d733d14519d757808
SHA256 e631bfe0b26a864f61311a03bf1f0819abdffc7bc00d14d263714f934a085069
SHA512 bee2412914003ad4697d6a22cfe7550de0e13c2a16dc5c8c1528ce361a84f987e8d43f58f0eabdacf6a09a01f7edf04b310dce41f02c4e809b04446d8dff40e2

memory/2748-47-0x000007FEF7770000-0x000007FEF779D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24322\libssl-1_1.dll

MD5 88803aac099cccf4af3496bfabdc8865
SHA1 3eee4e685e0084f13935870be3e2c7dddb1975e4
SHA256 c524b961d036c9e95ae4d9e40e8b4f897a4f0772cf1d78ac0287af84fe918cad
SHA512 50bd41771e50e9c20ad871be9433f6e88c3cd799a6f64d7ad19265228468a8572904ec2d9b3b8ff053b23230ec1326a175df09cb0380e60d8efdd11ab446f8fd

memory/2748-51-0x000007FEF6000000-0x000007FEF636F000-memory.dmp

memory/2748-52-0x000007FEF7110000-0x000007FEF71C6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24322\_hashlib.pyd

MD5 7a323c4fce36ab53da167e4074a68a77
SHA1 78a0e1ebbc7b357dbd37fcee32589c4d0dc94dfe
SHA256 07419b0862edabe485317c199ee61b4de838ec730789b12b8d660b6a1e5aaf76
SHA512 8dad82fa63917ff035271e8ed73c9f2ecdf5414e98d48a144f302c68cb16ea6d8dacf4fbfe11458b5d78715089ebaa45cd157ad53fb7989fd2fa81afce39e49a

C:\Users\Admin\AppData\Local\Temp\_MEI24322\_queue.pyd

MD5 7a9eab9b45b38b485ad540fcd60fd1c2
SHA1 8fc5679207187b8e37f73c3826a0f1cef06bc7d9
SHA256 3e97629db46d159db614a2af447a8fcd3cdea807d7bdb8b32adadb372b8ed3ae
SHA512 1fa6745b5b9444d9afee8e8852b8baf6790c40d6af9c8ace0aa5b5a242c1825cf7eee467515270c55833d11878b1d6e36e67aad3090a2bd7d504f8cc75d3e81d

memory/2748-58-0x000007FEF7740000-0x000007FEF774D000-memory.dmp

memory/2748-57-0x000007FEF7750000-0x000007FEF7761000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI24322\charset_normalizer\md__mypyc.cp38-win_amd64.pyd

MD5 0bacf957fb8cad0d18edca25b5c1b4f3
SHA1 43a0b66ccdffe2d9964d90cd4937aae5e1c178b6
SHA256 3ff54f72d6dc73bb795e5fb1b6b38831d87d2dc17769a22c37ffd2a11526c08f
SHA512 26f385bff31f64901c2297f9e27c1e6dbab16cc1d3a61e67ba5ee61eee28b2b6a6bf9d75050426b277d1121aa154b5c3436141bdf4567d5c01d7261a62a6c0c2

memory/2748-66-0x000007FEF6CC0000-0x000007FEF6CE4000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI24322\unicodedata.pyd

MD5 f9486e61971743562e9cdfac3b26b9b8
SHA1 827cc385d614535a17c37a899017e95abee90384
SHA256 d35630ac31c32ceb5098eb2e63b029ebee37167c6da320f07574a244a8336554
SHA512 5bac1699c2b11fba9a25112672dc30f2dd7a1058161066939667f467470cddacf6e8ddbb0afaab0395bcbffe67743231640cd70acb9dcad2645743f5f0dbcff5

C:\Users\Admin\AppData\Local\Temp\_MEI24322\_bz2.pyd

MD5 5f464b4f06dfe3ab504169ffdc7f53ae
SHA1 2942cf1f492213842d7bb8e8198355d3607b2f3b
SHA256 0dd68268a9d47ce935ff932c3fe281e7a6d57e9cd424299d05560e56a773ef4b
SHA512 d66c3c238a1ebdfb6f81436f8d0481f3ed8a0ff1212e3efe466d6820e36db50c31dcdb1019e46dcedb753149a6cef3f9485fc232f3dd42b96b7b0604dbad6040

\Users\Admin\AppData\Local\Temp\_MEI24322\_lzma.pyd

MD5 6cf80dca091dad17790a6b1af4e85381
SHA1 bcb4052a4f960b429eb9db019734fc00b41c4427
SHA256 2b41390d1bffa9c5b7018bc0544b0a2c188ecb9b00ebc56df5a864dc47e32697
SHA512 da00f86c7a4168fa46faec79605831d26e4c86dd1d009b89f5087ac756bdfc32e0c036471639131eb881bcc53b8f1f92d947f3ef47f3dc7e56bb2e99d1357cf3

memory/2748-68-0x000007FEF5EE0000-0x000007FEF5FF2000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI24322\dearpygui\_dearpygui.pyd

MD5 daf684cb065ff66b470453f1aee06e68
SHA1 c96fd8d2e4e2b1e163d1470c37764340ef4226f5
SHA256 9ffe47ace8f41c52b017f4259cd522e3b85bb83b2b8b133c1a9b20118112a113
SHA512 7c9ab17aeb7311faaa4a499210a641b84b194ef48d06a97af89e60b3ab331c941327c745264ab325438f4be09df0820b45ea2de4941f3374481d8a42c7c3d059

\Users\Admin\AppData\Local\Temp\_MEI24322\dearpygui\VCRUNTIME140_1.dll

MD5 ab03551e4ef279abed2d8c4b25f35bb8
SHA1 09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e
SHA256 f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44
SHA512 0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

\Users\Admin\AppData\Local\Temp\_MEI24322\MSVCP140.dll

MD5 1ba6d1cf0508775096f9e121a24e5863
SHA1 df552810d779476610da3c8b956cc921ed6c91ae
SHA256 74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
SHA512 9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

memory/2748-81-0x000007FEF52E0000-0x000007FEF5EDF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24322\certifi\cacert.pem

MD5 8d0619bfe30deadf6f21196f0f8d53d3
SHA1 e7abd65a8ccafeff6caf6a2ff98d27d24d87c9ad
SHA256 b301535dca491d9814ea28faa320ac7a19d0f5d94237996fa0a3b5a936432514
SHA512 5a88e4a06b98832aaa9bbb89e382f6c7e9b65c5ecba48de8f4ff1fa58bb06a74b9c2f6b2ec185c2a306cb0b5d68d0b28d74b323432a0b2953d8dfc29fed920d7

memory/2748-75-0x000007FEF6C10000-0x000007FEF6C3E000-memory.dmp

memory/2748-74-0x000007FEF6CA0000-0x000007FEF6CBC000-memory.dmp

memory/2748-67-0x000007FEF6370000-0x000007FEF67B5000-memory.dmp

memory/2748-64-0x000007FEF7730000-0x000007FEF773B000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI24322\charset_normalizer\md.cp38-win_amd64.pyd

MD5 c3988e124508410346090e29d84b71ef
SHA1 5d4dbcd4ea2338b6869bf47d7d03be25705651b6
SHA256 d700d5aa7a28d5edd81369c1d8739c6f53ad1e3db960454948e1c5d8722f87f4
SHA512 f50d5ba31c7be1bf1aa2812cca7ecf3794658a038486ab91e481aa4ae60a47c4a016565a892fcf3a6117490472f90a1d42b660a2c390fb241e28258c243b9bf6

memory/2748-83-0x000007FEF7CC0000-0x000007FEF7CDA000-memory.dmp

memory/2748-84-0x000007FEF7770000-0x000007FEF779D000-memory.dmp

memory/2748-85-0x000007FEF6000000-0x000007FEF636F000-memory.dmp

memory/2748-103-0x000007FEF7CF0000-0x000007FEF7D17000-memory.dmp

memory/2748-102-0x000007FEF7740000-0x000007FEF774D000-memory.dmp

memory/2748-86-0x000007FEF6370000-0x000007FEF67B5000-memory.dmp

memory/2748-107-0x000007FEF7770000-0x000007FEF779D000-memory.dmp

memory/2748-106-0x000007FEF7CB0000-0x000007FEF7CBD000-memory.dmp

memory/2748-105-0x000007FEF7CC0000-0x000007FEF7CDA000-memory.dmp

memory/2748-104-0x000007FEF7CE0000-0x000007FEF7CEF000-memory.dmp

memory/2748-101-0x000007FEF52E0000-0x000007FEF5EDF000-memory.dmp

memory/2748-108-0x000007FEF7110000-0x000007FEF71C6000-memory.dmp

memory/2748-100-0x000007FEF6C10000-0x000007FEF6C3E000-memory.dmp

memory/2748-99-0x000007FEF6CA0000-0x000007FEF6CBC000-memory.dmp

memory/2748-98-0x000007FEF5EE0000-0x000007FEF5FF2000-memory.dmp

memory/2748-97-0x000007FEF6CC0000-0x000007FEF6CE4000-memory.dmp

memory/2748-96-0x000007FEF7730000-0x000007FEF773B000-memory.dmp

memory/2748-94-0x000007FEF7750000-0x000007FEF7761000-memory.dmp

memory/2748-92-0x000007FEF6000000-0x000007FEF636F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 14:53

Reported

2024-06-20 14:55

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1420 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe
PID 1420 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\Ocean.exe C:\Users\Admin\AppData\Local\Temp\Ocean.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

C:\Users\Admin\AppData\Local\Temp\Ocean.exe

"C:\Users\Admin\AppData\Local\Temp\Ocean.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 anticheat.site udp
US 72.52.178.23:443 anticheat.site tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14202\python38.dll

MD5 7ab78070ca047f134156169c60cca0a3
SHA1 f3fe769a202936d4c533a643f9a8b7cbdda61ca4
SHA256 c57bd27215609eca66bea7f88f4b5ce3bf39486dfdbab7d5c684270507627d22
SHA512 2f3cd43beb3e0e1ea1581337289566159a707f3314852dc88c0353a65dd4a6d549aac1ea66974893ec99a3c1e28b932d7d3ab9e612d102cb6211772f594181f1

C:\Users\Admin\AppData\Local\Temp\_MEI14202\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

memory/3476-30-0x00007FFF7DCC0000-0x00007FFF7E105000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_ctypes.pyd

MD5 332d773008e12399ab98d085cd60c583
SHA1 c3aa78e9ba7732b989a3cab996e63791eaf46a7f
SHA256 19b813bcd356f37e73fe7d367051eb0bd901f2bd14ca8ad4662b1503b1459cea
SHA512 381c2083ccfdb39f3986060b21ff168ee87cfafc4ad53b34de3ae473a4fc0204615af87e9ee69407d07528064c7b2a7d9f23a94939de0e26c614169b8cc418aa

C:\Users\Admin\AppData\Local\Temp\_MEI14202\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/3476-38-0x00007FFF91E90000-0x00007FFF91E9F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\select.pyd

MD5 bfce179b385145f6c0cb73aac30318c1
SHA1 ff59ab14cbeb00a9c68369d998b101102673b6e2
SHA256 04f0936ec038ff18927b5def896db658b64f6dc9e6275e6ad03a7436d4f9a80a
SHA512 a82ed3398c4f1c0d0ab8a5f5e75735d6d05d6f02c9b0a97edb478482a0f3bee0f49fea35c5afdfe373c33ade510d0ebff8dd02b0131d961be7e5b5ddcbfdb88f

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_ssl.pyd

MD5 a61613b2a31fb6c1d0f11a2ab42c3a9e
SHA1 a51069c3aeb3c7c8d802cf076005b1c1717ca12a
SHA256 1b39eac9d666211e670e37420d9fd43516695e7ef53832f4dbd86b6e97fc9bf3
SHA512 a35283c7fb47e79580917252cb08329c5f302a77322ffd8a0fe5cd8c081130c5fa28c5e7eb3d7eb8c6d0dca25a7d423cb303ab2ec82296eac41c91e38369ccaf

C:\Users\Admin\AppData\Local\Temp\_MEI14202\libcrypto-1_1.dll

MD5 eb33b1a0a12a1bfcb69fd2467f5c6b8c
SHA1 d30782a6bed3fd889846787d733d14519d757808
SHA256 e631bfe0b26a864f61311a03bf1f0819abdffc7bc00d14d263714f934a085069
SHA512 bee2412914003ad4697d6a22cfe7550de0e13c2a16dc5c8c1528ce361a84f987e8d43f58f0eabdacf6a09a01f7edf04b310dce41f02c4e809b04446d8dff40e2

memory/3476-52-0x00007FFF8CA00000-0x00007FFF8CAB6000-memory.dmp

memory/3476-54-0x0000020B981A0000-0x0000020B9850F000-memory.dmp

memory/3476-53-0x00007FFF7D950000-0x00007FFF7DCBF000-memory.dmp

memory/3476-51-0x00007FFF8CD20000-0x00007FFF8CD4D000-memory.dmp

memory/3476-50-0x00007FFF8F1E0000-0x00007FFF8F1ED000-memory.dmp

memory/3476-49-0x00007FFF91E70000-0x00007FFF91E8A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\libssl-1_1.dll

MD5 88803aac099cccf4af3496bfabdc8865
SHA1 3eee4e685e0084f13935870be3e2c7dddb1975e4
SHA256 c524b961d036c9e95ae4d9e40e8b4f897a4f0772cf1d78ac0287af84fe918cad
SHA512 50bd41771e50e9c20ad871be9433f6e88c3cd799a6f64d7ad19265228468a8572904ec2d9b3b8ff053b23230ec1326a175df09cb0380e60d8efdd11ab446f8fd

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_socket.pyd

MD5 15a40afe3a6a996da1ed9c9eb13362b8
SHA1 fb7a8827fd244642a1bda9e863e8a1137a791554
SHA256 55c9f10d31037738da2110bb88074cf4b6d65e256c9411560000330ed27704c1
SHA512 f75213237180fe0395908f5e272217f8287a19083a00d23c5934061f27e07e00b5130ccd44453c2633b2406433d3e537f45923e4712ef420bb60cc9307030990

memory/3476-37-0x00007FFF91F60000-0x00007FFF91F87000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\base_library.zip

MD5 ffdfd8182d9d13d60579265b9f75b47d
SHA1 a10f0311f56ad8779f7f9d427e4898973b02c211
SHA256 1e8b6d77d6f9c3c42f2b82a4eccf47ecb3ee02cf518008598722c94c32f9eac0
SHA512 e51cf25721bd402b8cd62f289a7a4253e28172788a07780bb8e30184e9abf848420a7d12f8636ee379cb4f7b7b68db59751efddb152aa4a291aa3f3c4ef169f8

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_hashlib.pyd

MD5 7a323c4fce36ab53da167e4074a68a77
SHA1 78a0e1ebbc7b357dbd37fcee32589c4d0dc94dfe
SHA256 07419b0862edabe485317c199ee61b4de838ec730789b12b8d660b6a1e5aaf76
SHA512 8dad82fa63917ff035271e8ed73c9f2ecdf5414e98d48a144f302c68cb16ea6d8dacf4fbfe11458b5d78715089ebaa45cd157ad53fb7989fd2fa81afce39e49a

memory/3476-57-0x00007FFF8CC20000-0x00007FFF8CC31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_queue.pyd

MD5 7a9eab9b45b38b485ad540fcd60fd1c2
SHA1 8fc5679207187b8e37f73c3826a0f1cef06bc7d9
SHA256 3e97629db46d159db614a2af447a8fcd3cdea807d7bdb8b32adadb372b8ed3ae
SHA512 1fa6745b5b9444d9afee8e8852b8baf6790c40d6af9c8ace0aa5b5a242c1825cf7eee467515270c55833d11878b1d6e36e67aad3090a2bd7d504f8cc75d3e81d

memory/3476-60-0x00007FFF8CEF0000-0x00007FFF8CEFD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\charset_normalizer\md.cp38-win_amd64.pyd

MD5 c3988e124508410346090e29d84b71ef
SHA1 5d4dbcd4ea2338b6869bf47d7d03be25705651b6
SHA256 d700d5aa7a28d5edd81369c1d8739c6f53ad1e3db960454948e1c5d8722f87f4
SHA512 f50d5ba31c7be1bf1aa2812cca7ecf3794658a038486ab91e481aa4ae60a47c4a016565a892fcf3a6117490472f90a1d42b660a2c390fb241e28258c243b9bf6

C:\Users\Admin\AppData\Local\Temp\_MEI14202\charset_normalizer\md__mypyc.cp38-win_amd64.pyd

MD5 0bacf957fb8cad0d18edca25b5c1b4f3
SHA1 43a0b66ccdffe2d9964d90cd4937aae5e1c178b6
SHA256 3ff54f72d6dc73bb795e5fb1b6b38831d87d2dc17769a22c37ffd2a11526c08f
SHA512 26f385bff31f64901c2297f9e27c1e6dbab16cc1d3a61e67ba5ee61eee28b2b6a6bf9d75050426b277d1121aa154b5c3436141bdf4567d5c01d7261a62a6c0c2

memory/3476-64-0x00007FFF8CC90000-0x00007FFF8CC9B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\unicodedata.pyd

MD5 f9486e61971743562e9cdfac3b26b9b8
SHA1 827cc385d614535a17c37a899017e95abee90384
SHA256 d35630ac31c32ceb5098eb2e63b029ebee37167c6da320f07574a244a8336554
SHA512 5bac1699c2b11fba9a25112672dc30f2dd7a1058161066939667f467470cddacf6e8ddbb0afaab0395bcbffe67743231640cd70acb9dcad2645743f5f0dbcff5

memory/3476-68-0x00007FFF8CBF0000-0x00007FFF8CC14000-memory.dmp

memory/3476-69-0x00007FFF8C820000-0x00007FFF8C932000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_bz2.pyd

MD5 5f464b4f06dfe3ab504169ffdc7f53ae
SHA1 2942cf1f492213842d7bb8e8198355d3607b2f3b
SHA256 0dd68268a9d47ce935ff932c3fe281e7a6d57e9cd424299d05560e56a773ef4b
SHA512 d66c3c238a1ebdfb6f81436f8d0481f3ed8a0ff1212e3efe466d6820e36db50c31dcdb1019e46dcedb753149a6cef3f9485fc232f3dd42b96b7b0604dbad6040

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_lzma.pyd

MD5 6cf80dca091dad17790a6b1af4e85381
SHA1 bcb4052a4f960b429eb9db019734fc00b41c4427
SHA256 2b41390d1bffa9c5b7018bc0544b0a2c188ecb9b00ebc56df5a864dc47e32697
SHA512 da00f86c7a4168fa46faec79605831d26e4c86dd1d009b89f5087ac756bdfc32e0c036471639131eb881bcc53b8f1f92d947f3ef47f3dc7e56bb2e99d1357cf3

memory/3476-75-0x00007FFF8CBD0000-0x00007FFF8CBEC000-memory.dmp

memory/3476-76-0x00007FFF8CBA0000-0x00007FFF8CBCE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\dearpygui\_dearpygui.pyd

MD5 daf684cb065ff66b470453f1aee06e68
SHA1 c96fd8d2e4e2b1e163d1470c37764340ef4226f5
SHA256 9ffe47ace8f41c52b017f4259cd522e3b85bb83b2b8b133c1a9b20118112a113
SHA512 7c9ab17aeb7311faaa4a499210a641b84b194ef48d06a97af89e60b3ab331c941327c745264ab325438f4be09df0820b45ea2de4941f3374481d8a42c7c3d059

C:\Users\Admin\AppData\Local\Temp\_MEI14202\dearpygui\VCRUNTIME140_1.dll

MD5 ab03551e4ef279abed2d8c4b25f35bb8
SHA1 09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e
SHA256 f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44
SHA512 0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

memory/3476-82-0x00007FFF7CD50000-0x00007FFF7D94F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI14202\certifi\cacert.pem

MD5 8d0619bfe30deadf6f21196f0f8d53d3
SHA1 e7abd65a8ccafeff6caf6a2ff98d27d24d87c9ad
SHA256 b301535dca491d9814ea28faa320ac7a19d0f5d94237996fa0a3b5a936432514
SHA512 5a88e4a06b98832aaa9bbb89e382f6c7e9b65c5ecba48de8f4ff1fa58bb06a74b9c2f6b2ec185c2a306cb0b5d68d0b28d74b323432a0b2953d8dfc29fed920d7

C:\Users\Admin\AppData\Local\Temp\_MEI14202\MSVCP140.dll

MD5 1ba6d1cf0508775096f9e121a24e5863
SHA1 df552810d779476610da3c8b956cc921ed6c91ae
SHA256 74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
SHA512 9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

memory/3476-84-0x00007FFF7DCC0000-0x00007FFF7E105000-memory.dmp

memory/3476-85-0x00007FFF91E70000-0x00007FFF91E8A000-memory.dmp

memory/3476-86-0x00007FFF8CD20000-0x00007FFF8CD4D000-memory.dmp

memory/3476-87-0x00007FFF8CA00000-0x00007FFF8CAB6000-memory.dmp

memory/3476-89-0x0000020B981A0000-0x0000020B9850F000-memory.dmp

memory/3476-88-0x00007FFF7D950000-0x00007FFF7DCBF000-memory.dmp

memory/3476-90-0x00007FFF7DCC0000-0x00007FFF7E105000-memory.dmp

memory/3476-102-0x00007FFF8C820000-0x00007FFF8C932000-memory.dmp

memory/3476-101-0x00007FFF8CBF0000-0x00007FFF8CC14000-memory.dmp

memory/3476-105-0x00007FFF7CD50000-0x00007FFF7D94F000-memory.dmp

memory/3476-106-0x00007FFF7DCC0000-0x00007FFF7E105000-memory.dmp

memory/3476-117-0x00007FFF8CBF0000-0x00007FFF8CC14000-memory.dmp

memory/3476-134-0x00007FFF8CBA0000-0x00007FFF8CBCE000-memory.dmp

memory/3476-133-0x00007FFF8CBD0000-0x00007FFF8CBEC000-memory.dmp

memory/3476-132-0x00007FFF8C820000-0x00007FFF8C932000-memory.dmp

memory/3476-131-0x00007FFF8CC90000-0x00007FFF8CC9B000-memory.dmp

memory/3476-130-0x00007FFF8CEF0000-0x00007FFF8CEFD000-memory.dmp

memory/3476-129-0x00007FFF8CC20000-0x00007FFF8CC31000-memory.dmp

memory/3476-121-0x00007FFF7CD50000-0x00007FFF7D94F000-memory.dmp

memory/3476-127-0x00007FFF8CA00000-0x00007FFF8CAB6000-memory.dmp

memory/3476-126-0x00007FFF8CD20000-0x00007FFF8CD4D000-memory.dmp

memory/3476-124-0x00007FFF91E70000-0x00007FFF91E8A000-memory.dmp

memory/3476-128-0x00007FFF7D950000-0x00007FFF7DCBF000-memory.dmp

memory/3476-125-0x00007FFF8F1E0000-0x00007FFF8F1ED000-memory.dmp

memory/3476-123-0x00007FFF91E90000-0x00007FFF91E9F000-memory.dmp

memory/3476-122-0x00007FFF91F60000-0x00007FFF91F87000-memory.dmp