Analysis Overview
SHA256
0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
Threat Level: Shows suspicious behavior
The file GTAG GUI.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Loads dropped DLL
Program crash
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-06 23:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-06 23:14
Reported
2023-04-06 23:16
Platform
win7-20230220-en
Max time kernel
27s
Max time network
31s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 1584 | N/A | C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe | C:\Windows\SysWOW64\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe
"C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 628
Network
Files
memory/1724-54-0x0000000000330000-0x0000000000346000-memory.dmp
memory/1724-55-0x0000000004BD0000-0x0000000004C10000-memory.dmp
memory/1724-56-0x0000000004BD0000-0x0000000004C10000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-06 23:14
Reported
2023-04-06 23:23
Platform
win10v2004-20230220-en
Max time kernel
570s
Max time network
554s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253037142748887" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe
"C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4140 -ip 4140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1056
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2a6b9758,0x7ffa2a6b9768,0x7ffa2a6b9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1436 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3684 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5320 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3428 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3396 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5240 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5948 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Debug\" -ad -an -ai#7zMap26011:72:7zEvent15404
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe
"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe
"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5732 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:2
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe
"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\e7634f8e8caa4e52b55e1c106ae31751 /t 4904 /p 696
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f03ea78eb79e41c0923dd02c41e3debd /t 4904 /p 696
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe
"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"
Network
Files
memory/4140-133-0x00000000000B0000-0x00000000000C6000-memory.dmp
memory/4140-134-0x0000000004E60000-0x0000000005404000-memory.dmp
memory/4140-135-0x0000000004950000-0x00000000049E2000-memory.dmp
memory/4140-136-0x0000000004BB0000-0x0000000004BC0000-memory.dmp
memory/4140-137-0x0000000004AF0000-0x0000000004AFA000-memory.dmp
\??\pipe\crashpad_3664_SOHDNXKRKRSVOPCC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 011baff9de6339da905bed5effaa8f1e |
| SHA1 | 75cfaea0d3a1adf9d731c6413a7883b080652c0f |
| SHA256 | 62aad21593e0f1d57ce9f65789d517a149f95ac5060d8e795e935f30c7c6b8bb |
| SHA512 | e8e4cb90cd9c398e100727ebff14b21995c38d30c0c1a3b742a4b1d0ec9c77343feddddcfe9d667ee5816fd72278bcff9d31b782ba47251ea60978f967d2c8b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ef86f54deb37aa3007ab0f039cde2a1b |
| SHA1 | 037b84d93377475a46de49f5d2a93ee9d11bfa5d |
| SHA256 | f6c696abb7540429746738de10522cc02e564ec9132a1d28ad5caf8be0009af8 |
| SHA512 | b671296f69802d707870c53e4b53bd965d25207d299133b2ef7a7dceeb3bc1d2e481420e40ae3b280271990c62f9f7a65f9f5e224405565828beb0a0eed751d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4e59938adac30fcf134446deec0b3edb |
| SHA1 | 95d485cf201007aeba29b3e327d8a6c595ef1478 |
| SHA256 | 10ca2db7ecf53cc501adff7cda908b65e3dcb0ca7bca3d533da03636ecf1dd89 |
| SHA512 | 45299006e674b07cb05dc226fb932ffd4be005e80cd08a3137d12e7e7bea79cd73a3607768edf1855402bc061f654dc555e75f3ba1bcc780ce84f6891fefeb57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | be3ee3d9dff2cfe797c41bccc3431cf9 |
| SHA1 | 237fee7f68b47354af9e80ea7cc5fa3d1ba18fc2 |
| SHA256 | 0d93b2856fec28adfd8889c356195358f22ecf9cf7befea26c9aca7413646ac5 |
| SHA512 | 280c3bc5a8ebb7bb1efe00e71f97c87b8be5dcc679af3ba8a2326730608d287e47ad98133420c6ae751da93ea71566b49750a5f3139e1a95abc92944d2bee81d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 93a128557d8e1e4ba1d5bb6ff391ef0f |
| SHA1 | 7da46da94bac45dedf7bce06dcd8c794ad8df210 |
| SHA256 | 258dcdeb22e8d4e053306454dfbc933b0c11b78be6c0d6b7603d54388ff98bce |
| SHA512 | 9dbc394b363e973be33634ea2e2dd04f11df38683438cc051628c711d56a74f2bba65403db4888bd17cfd8613e2636b7c4c5ac5044be7c94c46fe1101748dfaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cb5d22b0e6981044ce6b2a768434e131 |
| SHA1 | d6ea95376f5157c016a6e5f49443f599be2793cd |
| SHA256 | ccf16a023a0729b14cdf5011049e0aa5db1dc77b555291c22ef061770080f213 |
| SHA512 | 9866f65c0406b4be47535a167430e74c0255bfb72018294dafb51cbde8e81a70a58c065c71f3447f8d6a9747d659080cba6efcf6321f9bbdb8e054f11e7effd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7140dae94935fa9b75413c9c545be6b3 |
| SHA1 | 370afd4d33d89297bf6c1cf26189420a0a844acc |
| SHA256 | 2ed189dd19b3fe258cd1dc450375f9e4073ebaa7937c154deabbfe905674ff9d |
| SHA512 | 8eb4738dfe3e1b19e247106cf1bea6b5102243501827cf7b23a20154f5181de8fa0230708995490f317f0c3c98632febfb45563b947c6d9fa375740800787dc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | b81d6636c3ad72c63e532e5180eaf7f9 |
| SHA1 | ddcd059999fff6218e98af62dbe3fa9c885a0de8 |
| SHA256 | 2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef |
| SHA512 | 4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1c98d343babcf9d859e6555b6c00d896 |
| SHA1 | ab10b2d4134ca95af8a6e2afd1de5ba1c7ee4eca |
| SHA256 | 8518045629f1c769f6049f098cb69c2d34ac03cfbb02f21c702672823afa18f3 |
| SHA512 | d54e0d1851cf1886c6a1c41b154bd3a3af222071e74402c536c34776825e41bf31feb88ccd4d2f5ff13e099513dacc9c0b3fa02279edbd266ac96595ef1e5409 |
C:\Users\Admin\Downloads\Debug.zip.crdownload
| MD5 | e07a7dc013d8a8070eb070bfbf6935be |
| SHA1 | 9af9c4a1d9f76ece9a0c87a036c7a89df43ea383 |
| SHA256 | c8803057d2b9421f2b4d797b626180a16bfe73661f7545317ebada95a37e0ea3 |
| SHA512 | bda17097a39ef5c63228237380783c8c665dc8f2721b34cd7cbb20a71335d5268f1abd960ac26f8c891aa003c7ab0507e2c721d919a2ea5b8ec92007d7a4039e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 94eab578d3e0d2a95a9a53e4a3a36cb5 |
| SHA1 | 434af836808fbecef4e3ae6b7821b9d55de96ce8 |
| SHA256 | fd8d3422fcb6a3e20c7edf9fddda17d7b89e7556ac8c29951786f17a2e2736b8 |
| SHA512 | a87d72027d2e3ab788a4eb89f6b183ab33016f415454e3b3a0159cdbe85d3e7a8db7adef0c3c7ed5e85f5dea55216eb695d3ce6379aba8e307f90f7b7d82bf8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e924eea77fe172190e732345c938400e |
| SHA1 | ebffb1977048c93883348b7bf6abd960e480ca54 |
| SHA256 | 787226932a5be8feff7fbd03ea551d8ff12ecc30579a969278c08c516154ea31 |
| SHA512 | 989fa6240e5d8093169aaa07d511774ff849c4eb18f5613da767446a65bcf619cbf69b209ae56465b2eb091e0e151016fc1c4024ce9e6042fd77c2dcbce0b188 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6b4cf92a75e39fb96381cc658812f1eb |
| SHA1 | 7ff0e71a5229c5b2b50bc2a3428e4cdc5b4935ad |
| SHA256 | 24e806930dd4c25390b5f4beac99f88c1147428fdcbff191cfa1b0687767102b |
| SHA512 | c88ff6786427a84529d2c4b139084c806a35ac004b21c5fae482400b726257a02c4f751cea18c5c936c2c38da0b44d0b44b3311c7fb2cfb9057248ed5035351f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9ab868d84978f6775281bc738f7ec2c3 |
| SHA1 | ad7cf24b821db9bedae4c8ad6e3dd268531a7130 |
| SHA256 | 3314c039f98a56a14a62afb62e0859306faa7fd27d2fa14f034af4af3f01ead0 |
| SHA512 | db58322cf554d4ee8aba91c56e07ba682e847ee9adba86c3797fd43caf69f8ec8ff30015d0d96bda509cc8f6eec73021b68900d59d9cd51693a0ae7ccbaf788a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58589b.TMP
| MD5 | d19c69c449fd3d29aba65c1ca6a4bbe0 |
| SHA1 | 4ca04fe1265cff3617d107a20f1288b1420b744e |
| SHA256 | 99e473107b8bd95d46a4b4d031f1ca96a913b654afae064d5ae30edc3d6331db |
| SHA512 | 0abc346f6600314c1cf79a38f4afaa51e5a3b0d69b32c1d94c1e502979aa0b69b8b57d13a7e91b82661f755f41a10f02dad0c59ca1b257136537208574f6a2e6 |
C:\Users\Admin\Downloads\Debug.zip
| MD5 | e07a7dc013d8a8070eb070bfbf6935be |
| SHA1 | 9af9c4a1d9f76ece9a0c87a036c7a89df43ea383 |
| SHA256 | c8803057d2b9421f2b4d797b626180a16bfe73661f7545317ebada95a37e0ea3 |
| SHA512 | bda17097a39ef5c63228237380783c8c665dc8f2721b34cd7cbb20a71335d5268f1abd960ac26f8c891aa003c7ab0507e2c721d919a2ea5b8ec92007d7a4039e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6e41f01975fb00df4cca3c1bda874684 |
| SHA1 | 37ce3819526aa32826b236999eb4915b7e8f1ebe |
| SHA256 | af28ba6d430d058abb5579550c3cd02d2297b3da56502699831e06d2e530cc48 |
| SHA512 | 9c2b7980aa8d273cb5afe52deb98afe343f7d60e387fcb5cdc717b94bf854e67648d2ce4e7945aad32fdf26f3ffb8ea66819fde631352cf5842cbb2fb78f5816 |
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe.config
C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextbox.dll
C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuButton.dll
C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuLabel.dll
C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.1.5.3.dll
C:\Users\Admin\Downloads\Debug\Debug\Bunifu.Licensing.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26e6df2b-6a38-4cdf-893c-f93ce114deff.tmp
C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.pdb
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GTAG GUI.exe.log