Malware Analysis Report

2025-08-10 19:49

Sample ID 250702-xh8jdazr15
Target https://github.com/Epicinver
Tags: discovery, upx
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://github.com/Epicinver was found to be: Likely malicious.

Malicious Activity Summary

discovery upx

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Browser Information Discovery

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Enumerates system info in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-02 18:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-02 18:52

Reported

2025-07-02 18:56

Platform

win10v2004-20250502-en

Max time kernel

180s

Max time network

181s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Epicinver

Signatures

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\muller.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959560373486994" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2276 wrote to memory of 5508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 5344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Epicinver

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa20edcf8,0x7fffa20edd04,0x7fffa20edd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1940,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2216,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2320,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2500 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4448 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4364 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5144,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5816,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5776 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5824,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5528,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5820 /prefetch:8

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3124,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3240 /prefetch:8

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Users\Admin\Downloads\muller.exe

"C:\Users\Admin\Downloads\muller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,16826720490228972541,6344344466671391514,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4500 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

\??\pipe\crashpad_2276_JBQXPZZBIDUCOZUG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585acd.TMP

C:\Users\Admin\AppData\Local\Temp\643ea658-11c9-4d65-8d1b-ae48ba7192df.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\_MEI47082\python313.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\tk86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\tcl86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\SDL2_ttf.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\SDL2_mixer.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\SDL2_image.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\SDL2.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47082\portmidi.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libwebp-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libtiff-5.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libpng16-16.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libopusfile-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libopus-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libogg-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libmodplug-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libjpeg-9.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\freetype.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47082\_lzma.pyd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\_MEI34482\_tcl_data\encoding\euc-cn.enc

C:\Users\Admin\AppData\Local\Temp\_MEI34482\attrs-25.3.0.dist-info\INSTALLER
