Malware Analysis Report

2025-06-15 21:43

Sample ID 230406-27254she7v
Target GTAG GUI.exe
SHA256 0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
Tags agilenet
Score 7/10

Analysis Overview

score
7/10

SHA256

0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d

Threat Level: Shows suspicious behavior

The file GTAG GUI.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Program crash

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-06 23:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-06 23:14

Reported

2023-04-06 23:16

Platform

win7-20230220-en

Max time kernel

27s

Max time network

31s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe

"C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 628

Network

N/A

Files

memory/1724-54-0x0000000000330000-0x0000000000346000-memory.dmp

memory/1724-55-0x0000000004BD0000-0x0000000004C10000-memory.dmp

memory/1724-56-0x0000000004BD0000-0x0000000004C10000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-06 23:14

Reported

2023-04-06 23:23

Platform

win10v2004-20230220-en

Max time kernel

570s

Max time network

554s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253037142748887" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3664 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3664 wrote to memory of 3268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3664 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3664 wrote to memory of 4260 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe

"C:\Users\Admin\AppData\Local\Temp\GTAG GUI.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4140 -ip 4140

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1056

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2a6b9758,0x7ffa2a6b9768,0x7ffa2a6b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1436 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3684 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5320 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3428 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3396 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5240 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5948 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Debug\" -ad -an -ai#7zMap26011:72:7zEvent15404

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5732 --field-trial-handle=1812,i,470117171889165179,8767648625997678690,131072 /prefetch:2

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\e7634f8e8caa4e52b55e1c106ae31751 /t 4904 /p 696

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\f03ea78eb79e41c0923dd02c41e3debd /t 4904 /p 696

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

"C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe"

Network


Files

memory/4140-133-0x00000000000B0000-0x00000000000C6000-memory.dmp

memory/4140-134-0x0000000004E60000-0x0000000005404000-memory.dmp

memory/4140-135-0x0000000004950000-0x00000000049E2000-memory.dmp

memory/4140-136-0x0000000004BB0000-0x0000000004BC0000-memory.dmp

memory/4140-137-0x0000000004AF0000-0x0000000004AFA000-memory.dmp

\??\pipe\crashpad_3664_SOHDNXKRKRSVOPCC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 011baff9de6339da905bed5effaa8f1e
SHA1 75cfaea0d3a1adf9d731c6413a7883b080652c0f
SHA256 62aad21593e0f1d57ce9f65789d517a149f95ac5060d8e795e935f30c7c6b8bb
SHA512 e8e4cb90cd9c398e100727ebff14b21995c38d30c0c1a3b742a4b1d0ec9c77343feddddcfe9d667ee5816fd72278bcff9d31b782ba47251ea60978f967d2c8b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ef86f54deb37aa3007ab0f039cde2a1b
SHA1 037b84d93377475a46de49f5d2a93ee9d11bfa5d
SHA256 f6c696abb7540429746738de10522cc02e564ec9132a1d28ad5caf8be0009af8
SHA512 b671296f69802d707870c53e4b53bd965d25207d299133b2ef7a7dceeb3bc1d2e481420e40ae3b280271990c62f9f7a65f9f5e224405565828beb0a0eed751d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4e59938adac30fcf134446deec0b3edb
SHA1 95d485cf201007aeba29b3e327d8a6c595ef1478
SHA256 10ca2db7ecf53cc501adff7cda908b65e3dcb0ca7bca3d533da03636ecf1dd89
SHA512 45299006e674b07cb05dc226fb932ffd4be005e80cd08a3137d12e7e7bea79cd73a3607768edf1855402bc061f654dc555e75f3ba1bcc780ce84f6891fefeb57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 be3ee3d9dff2cfe797c41bccc3431cf9
SHA1 237fee7f68b47354af9e80ea7cc5fa3d1ba18fc2
SHA256 0d93b2856fec28adfd8889c356195358f22ecf9cf7befea26c9aca7413646ac5
SHA512 280c3bc5a8ebb7bb1efe00e71f97c87b8be5dcc679af3ba8a2326730608d287e47ad98133420c6ae751da93ea71566b49750a5f3139e1a95abc92944d2bee81d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93a128557d8e1e4ba1d5bb6ff391ef0f
SHA1 7da46da94bac45dedf7bce06dcd8c794ad8df210
SHA256 258dcdeb22e8d4e053306454dfbc933b0c11b78be6c0d6b7603d54388ff98bce
SHA512 9dbc394b363e973be33634ea2e2dd04f11df38683438cc051628c711d56a74f2bba65403db4888bd17cfd8613e2636b7c4c5ac5044be7c94c46fe1101748dfaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cb5d22b0e6981044ce6b2a768434e131
SHA1 d6ea95376f5157c016a6e5f49443f599be2793cd
SHA256 ccf16a023a0729b14cdf5011049e0aa5db1dc77b555291c22ef061770080f213
SHA512 9866f65c0406b4be47535a167430e74c0255bfb72018294dafb51cbde8e81a70a58c065c71f3447f8d6a9747d659080cba6efcf6321f9bbdb8e054f11e7effd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7140dae94935fa9b75413c9c545be6b3
SHA1 370afd4d33d89297bf6c1cf26189420a0a844acc
SHA256 2ed189dd19b3fe258cd1dc450375f9e4073ebaa7937c154deabbfe905674ff9d
SHA512 8eb4738dfe3e1b19e247106cf1bea6b5102243501827cf7b23a20154f5181de8fa0230708995490f317f0c3c98632febfb45563b947c6d9fa375740800787dc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 b81d6636c3ad72c63e532e5180eaf7f9
SHA1 ddcd059999fff6218e98af62dbe3fa9c885a0de8
SHA256 2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef
SHA512 4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1c98d343babcf9d859e6555b6c00d896
SHA1 ab10b2d4134ca95af8a6e2afd1de5ba1c7ee4eca
SHA256 8518045629f1c769f6049f098cb69c2d34ac03cfbb02f21c702672823afa18f3
SHA512 d54e0d1851cf1886c6a1c41b154bd3a3af222071e74402c536c34776825e41bf31feb88ccd4d2f5ff13e099513dacc9c0b3fa02279edbd266ac96595ef1e5409

C:\Users\Admin\Downloads\Debug.zip.crdownload

MD5 e07a7dc013d8a8070eb070bfbf6935be
SHA1 9af9c4a1d9f76ece9a0c87a036c7a89df43ea383
SHA256 c8803057d2b9421f2b4d797b626180a16bfe73661f7545317ebada95a37e0ea3
SHA512 bda17097a39ef5c63228237380783c8c665dc8f2721b34cd7cbb20a71335d5268f1abd960ac26f8c891aa003c7ab0507e2c721d919a2ea5b8ec92007d7a4039e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 94eab578d3e0d2a95a9a53e4a3a36cb5
SHA1 434af836808fbecef4e3ae6b7821b9d55de96ce8
SHA256 fd8d3422fcb6a3e20c7edf9fddda17d7b89e7556ac8c29951786f17a2e2736b8
SHA512 a87d72027d2e3ab788a4eb89f6b183ab33016f415454e3b3a0159cdbe85d3e7a8db7adef0c3c7ed5e85f5dea55216eb695d3ce6379aba8e307f90f7b7d82bf8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e924eea77fe172190e732345c938400e
SHA1 ebffb1977048c93883348b7bf6abd960e480ca54
SHA256 787226932a5be8feff7fbd03ea551d8ff12ecc30579a969278c08c516154ea31
SHA512 989fa6240e5d8093169aaa07d511774ff849c4eb18f5613da767446a65bcf619cbf69b209ae56465b2eb091e0e151016fc1c4024ce9e6042fd77c2dcbce0b188

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6b4cf92a75e39fb96381cc658812f1eb
SHA1 7ff0e71a5229c5b2b50bc2a3428e4cdc5b4935ad
SHA256 24e806930dd4c25390b5f4beac99f88c1147428fdcbff191cfa1b0687767102b
SHA512 c88ff6786427a84529d2c4b139084c806a35ac004b21c5fae482400b726257a02c4f751cea18c5c936c2c38da0b44d0b44b3311c7fb2cfb9057248ed5035351f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9ab868d84978f6775281bc738f7ec2c3
SHA1 ad7cf24b821db9bedae4c8ad6e3dd268531a7130
SHA256 3314c039f98a56a14a62afb62e0859306faa7fd27d2fa14f034af4af3f01ead0
SHA512 db58322cf554d4ee8aba91c56e07ba682e847ee9adba86c3797fd43caf69f8ec8ff30015d0d96bda509cc8f6eec73021b68900d59d9cd51693a0ae7ccbaf788a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58589b.TMP

MD5 d19c69c449fd3d29aba65c1ca6a4bbe0
SHA1 4ca04fe1265cff3617d107a20f1288b1420b744e
SHA256 99e473107b8bd95d46a4b4d031f1ca96a913b654afae064d5ae30edc3d6331db
SHA512 0abc346f6600314c1cf79a38f4afaa51e5a3b0d69b32c1d94c1e502979aa0b69b8b57d13a7e91b82661f755f41a10f02dad0c59ca1b257136537208574f6a2e6

C:\Users\Admin\Downloads\Debug.zip

MD5 e07a7dc013d8a8070eb070bfbf6935be
SHA1 9af9c4a1d9f76ece9a0c87a036c7a89df43ea383
SHA256 c8803057d2b9421f2b4d797b626180a16bfe73661f7545317ebada95a37e0ea3
SHA512 bda17097a39ef5c63228237380783c8c665dc8f2721b34cd7cbb20a71335d5268f1abd960ac26f8c891aa003c7ab0507e2c721d919a2ea5b8ec92007d7a4039e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6e41f01975fb00df4cca3c1bda874684
SHA1 37ce3819526aa32826b236999eb4915b7e8f1ebe
SHA256 af28ba6d430d058abb5579550c3cd02d2297b3da56502699831e06d2e530cc48
SHA512 9c2b7980aa8d273cb5afe52deb98afe343f7d60e387fcb5cdc717b94bf854e67648d2ce4e7945aad32fdf26f3ffb8ea66819fde631352cf5842cbb2fb78f5816

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

MD5 45e704327dc60ee44308d852f2559d2a
SHA1 9514b3ad4e4ac2ffaaf1a53bd365e183b12d42ed
SHA256 0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
SHA512 71a74ec690e32543a1cfb002d5fc12802b38afe241b3e5a17ffe2b8943387fc0bb6f4a8b6a0714c475963faf91a8511d912f8c7622c7f03664c095d6428da5d5

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

MD5 45e704327dc60ee44308d852f2559d2a
SHA1 9514b3ad4e4ac2ffaaf1a53bd365e183b12d42ed
SHA256 0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
SHA512 71a74ec690e32543a1cfb002d5fc12802b38afe241b3e5a17ffe2b8943387fc0bb6f4a8b6a0714c475963faf91a8511d912f8c7622c7f03664c095d6428da5d5

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe.config

MD5 9dbad5517b46f41dbb0d8780b20ab87e
SHA1 ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
SHA256 47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
SHA512 43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextbox.dll

MD5 7571e9840eb07d2e31a88f650fc63350
SHA1 590898ae191816dc1249bbcabd839b493b1870b7
SHA256 8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a
SHA512 c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextBox.dll

MD5 7571e9840eb07d2e31a88f650fc63350
SHA1 590898ae191816dc1249bbcabd839b493b1870b7
SHA256 8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a
SHA512 c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextbox.dll

MD5 7571e9840eb07d2e31a88f650fc63350
SHA1 590898ae191816dc1249bbcabd839b493b1870b7
SHA256 8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a
SHA512 c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

memory/696-387-0x0000000005600000-0x0000000005620000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuButton.dll

MD5 3e60d71b66fb974045fb8dae1baef617
SHA1 7078e2779f8c8d0a594c985ff7ca2e65cabaed6b
SHA256 ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0
SHA512 fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuButton.dll

MD5 3e60d71b66fb974045fb8dae1baef617
SHA1 7078e2779f8c8d0a594c985ff7ca2e65cabaed6b
SHA256 ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0
SHA512 fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

memory/696-392-0x00000000058E0000-0x0000000005900000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuButton.dll

MD5 3e60d71b66fb974045fb8dae1baef617
SHA1 7078e2779f8c8d0a594c985ff7ca2e65cabaed6b
SHA256 ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0
SHA512 fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

memory/696-396-0x0000000006080000-0x00000000060EE000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuLabel.dll

MD5 e65106de1d954a8ba99dba7fdc3757ab
SHA1 459c0bab697f3ac7b444464d3dffaf87adf0b9a8
SHA256 2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab
SHA512 f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuLabel.dll

MD5 e65106de1d954a8ba99dba7fdc3757ab
SHA1 459c0bab697f3ac7b444464d3dffaf87adf0b9a8
SHA256 2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab
SHA512 f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuLabel.dll

MD5 e65106de1d954a8ba99dba7fdc3757ab
SHA1 459c0bab697f3ac7b444464d3dffaf87adf0b9a8
SHA256 2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab
SHA512 f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

memory/696-391-0x0000000005420000-0x0000000005430000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.1.5.3.dll

MD5 b4280d2898d92ab5c3911f0305d7672f
SHA1 0ef4d6fa24811cea3cb36fccbc45d71e1effb17d
SHA256 e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f
SHA512 2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.1.5.3.dll

MD5 b4280d2898d92ab5c3911f0305d7672f
SHA1 0ef4d6fa24811cea3cb36fccbc45d71e1effb17d
SHA256 e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f
SHA512 2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e

memory/696-400-0x0000000006010000-0x000000000606A000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.1.5.3.dll

MD5 b4280d2898d92ab5c3911f0305d7672f
SHA1 0ef4d6fa24811cea3cb36fccbc45d71e1effb17d
SHA256 e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f
SHA512 2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.Licensing.dll

MD5 1a45c5f35d5a5b3bf94f01caae45a641
SHA1 678428c593a7b168803766264e4fe44fab253700
SHA256 3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1
SHA512 3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.Licensing.dll

MD5 1a45c5f35d5a5b3bf94f01caae45a641
SHA1 678428c593a7b168803766264e4fe44fab253700
SHA256 3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1
SHA512 3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.Licensing.dll

MD5 1a45c5f35d5a5b3bf94f01caae45a641
SHA1 678428c593a7b168803766264e4fe44fab253700
SHA256 3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1
SHA512 3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

memory/696-404-0x0000000006290000-0x00000000063D2000-memory.dmp

memory/696-405-0x0000000005420000-0x0000000005430000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

MD5 45e704327dc60ee44308d852f2559d2a
SHA1 9514b3ad4e4ac2ffaaf1a53bd365e183b12d42ed
SHA256 0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
SHA512 71a74ec690e32543a1cfb002d5fc12802b38afe241b3e5a17ffe2b8943387fc0bb6f4a8b6a0714c475963faf91a8511d912f8c7622c7f03664c095d6428da5d5

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextbox.dll

MD5 7571e9840eb07d2e31a88f650fc63350
SHA1 590898ae191816dc1249bbcabd839b493b1870b7
SHA256 8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a
SHA512 c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextbox.dll

MD5 7571e9840eb07d2e31a88f650fc63350
SHA1 590898ae191816dc1249bbcabd839b493b1870b7
SHA256 8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a
SHA512 c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuButton.dll

MD5 3e60d71b66fb974045fb8dae1baef617
SHA1 7078e2779f8c8d0a594c985ff7ca2e65cabaed6b
SHA256 ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0
SHA512 fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuButton.dll

MD5 3e60d71b66fb974045fb8dae1baef617
SHA1 7078e2779f8c8d0a594c985ff7ca2e65cabaed6b
SHA256 ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0
SHA512 fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuLabel.dll

MD5 e65106de1d954a8ba99dba7fdc3757ab
SHA1 459c0bab697f3ac7b444464d3dffaf87adf0b9a8
SHA256 2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab
SHA512 f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuLabel.dll

MD5 e65106de1d954a8ba99dba7fdc3757ab
SHA1 459c0bab697f3ac7b444464d3dffaf87adf0b9a8
SHA256 2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab
SHA512 f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.1.5.3.dll

MD5 b4280d2898d92ab5c3911f0305d7672f
SHA1 0ef4d6fa24811cea3cb36fccbc45d71e1effb17d
SHA256 e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f
SHA512 2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.Licensing.dll

MD5 1a45c5f35d5a5b3bf94f01caae45a641
SHA1 678428c593a7b168803766264e4fe44fab253700
SHA256 3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1
SHA512 3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

memory/696-417-0x0000000005420000-0x0000000005430000-memory.dmp

memory/1720-418-0x00000000056B0000-0x00000000056C0000-memory.dmp

memory/1720-419-0x00000000056B0000-0x00000000056C0000-memory.dmp

memory/696-420-0x0000000005420000-0x0000000005430000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26e6df2b-6a38-4cdf-893c-f93ce114deff.tmp

MD5 76272bd21beaa823b9c1eb020a9f4446
SHA1 48b39fd385392c599b39bdb53a56abc0a13c97d8
SHA256 c089af0c3639bf6562432eb8c33fc831803350000f2f26b0588e49f288099bfc
SHA512 e53e9ef2c223dc2444a7a2925d8c9c9747e4ccd461d601cc0982a1d6a5c6c5ecf49d4c316c68447a6319379d8d9e5ef989a07f1b75cfef3643d61a46d1256778

memory/1720-430-0x00000000056B0000-0x00000000056C0000-memory.dmp

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.exe

MD5 45e704327dc60ee44308d852f2559d2a
SHA1 9514b3ad4e4ac2ffaaf1a53bd365e183b12d42ed
SHA256 0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
SHA512 71a74ec690e32543a1cfb002d5fc12802b38afe241b3e5a17ffe2b8943387fc0bb6f4a8b6a0714c475963faf91a8511d912f8c7622c7f03664c095d6428da5d5

C:\Users\Admin\Downloads\Debug\Debug\Bunifu.UI.WinForms.BunifuTextbox.dll

MD5 7571e9840eb07d2e31a88f650fc63350
SHA1 590898ae191816dc1249bbcabd839b493b1870b7
SHA256 8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a
SHA512 c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

memory/3672-448-0x0000000005300000-0x0000000005310000-memory.dmp

memory/3672-449-0x0000000005300000-0x0000000005310000-memory.dmp

memory/3672-450-0x0000000005300000-0x0000000005310000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a5162946e73f616be73ab15366571e1e
SHA1 003b324a761d96b92439f3980d218df759063fc7
SHA256 66a168472c81d66be99c498ee4a1d4257fc06ecc0ccadb2c815256ff9e3b2e3b
SHA512 c62c36bd859cffa4384bf4c3a6fd46913d5e784c599041ecdd958542f54a7dcf42858a5c79abd908663ec64308d7780604b1d0cc77155ba9a83bb54b902e61d1

C:\Users\Admin\Downloads\Debug\Debug\GTAG GUI.pdb

MD5 d3b3ccdf0430d0ff5ff383eacabc2d26
SHA1 a9439366b7e8645f7f96410b0fb52a87a140501e
SHA256 4a266585a669a991e6aef339da4bb71ca3e312a027d9a235a5616ea49cbee6de
SHA512 c6f3657e993b060b46bc1ce9c1f80e7ca87695729e977e19244b508eb1b3e87b7a9dce8d63dce8255bbb5f4207809be288fbd3391e7ca07dd579f613cd30780c

memory/3672-461-0x0000000005300000-0x0000000005310000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GTAG GUI.exe.log

MD5 8c2da65103d6b46d8cf610b118210cf0
SHA1 9db4638340bb74f2af3161cc2c9c0b8b32e6ab65
SHA256 0e48e2efd419951e0eb9a8d942493cfdf5540d1d19ff9dae6f145fb3ebcbeeac
SHA512 3cf5a125276e264cd8478f2b92d3848fb68b96d46eb4a39e650d09df02068c274881a1c314cdfbfdcb452672fb70dd8becf3ffe9562d39919d9c4d6b07fbb614

memory/4220-465-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/4220-466-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/4220-467-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/4220-468-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/4220-478-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/4220-479-0x0000000005AD0000-0x0000000005AE0000-memory.dmp