Resubmissions

25-08-2024 14:11

240825-rhfkpsybnb 10

25-08-2024 14:06

240825-ret9pazcpr 10

Analysis

  • max time kernel
    569s
  • max time network
    569s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-08-2024 14:11

General

  • Target

    SeroXen-main.zip

  • Size

    14.7MB

  • MD5

    0a682639d15acff9fa26d868b718a70e

  • SHA1

    a87722f3d2454383bb53d63845290d065551104a

  • SHA256

    424691c17ca850f4b9d390a795b5c416f3df3c37f223c90fcc8544344ae86b5d

  • SHA512

    479163fde3bc8fe972cda20f4b0d092c51cc511ee9b3f614f62c8a87cbc21e2d6dd71e0fe62d3932122e1706fe528bc52689ad81b5bbf270afa70164f55917d9

  • SSDEEP

    393216:ob5vzXcRjp+Chy8a8ZUvNKz5QMBYkdDBV4Xfdaup6E94D:ob1rm4Chy8avvwvBJBveQup6E9e

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 2 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Themida packer 5 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SeroXen-main.zip
    1⤵
      PID:1476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4732
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffbd6f6cc40,0x7ffbd6f6cc4c,0x7ffbd6f6cc58
        2⤵
          PID:3364
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1800 /prefetch:2
          2⤵
            PID:4836
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2088 /prefetch:3
            2⤵
              PID:2336
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:8
              2⤵
                PID:4848
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:1
                2⤵
                  PID:328
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1
                  2⤵
                    PID:2220
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3552 /prefetch:1
                    2⤵
                      PID:1200
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4764 /prefetch:8
                      2⤵
                        PID:4584
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
                        2⤵
                        • Drops file in Windows directory
                        PID:3100
                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff723ce4698,0x7ff723ce46a4,0x7ff723ce46b0
                          3⤵
                          • Drops file in Windows directory
                          PID:752
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:8
                        2⤵
                          PID:1528
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4952,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4792 /prefetch:1
                          2⤵
                            PID:4984
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3376,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3228 /prefetch:1
                            2⤵
                              PID:4024
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5000,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3456 /prefetch:1
                              2⤵
                                PID:976
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4788,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4700 /prefetch:1
                                2⤵
                                  PID:1856
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3368,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:8
                                  2⤵
                                    PID:4772
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4996 /prefetch:8
                                    2⤵
                                    • NTFS ADS
                                    PID:3048
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3548,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4916 /prefetch:8
                                    2⤵
                                    • Drops file in System32 directory
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2452
                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                  1⤵
                                    PID:3996
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                    1⤵
                                      PID:4648
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:1512
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
                                        1⤵
                                          PID:1448
                                        • C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe
                                          "C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe"
                                          1⤵
                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                          • Checks BIOS information in registry
                                          • Loads dropped DLL
                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                          PID:3448
                                          • C:\Windows\System32\cmd.exe
                                            "C:\Windows\System32\cmd.exe" /C ping 127.0.0.1 -n 4 > nul & taskill /F /IM "SeroXen.exe" & taskill /F /IM "SeroXen HWID Reset.exe" & taskill /F /IM "SeroXen Toolkit.exe" & rmdir /s /q %userprofile%\AppData\Local\SeroXen & rmdir /s /q %userprofile%\AppData\Local\SeroXen & del /f %userprofile%\Desktop\SeroXen.lnk & taskkill /F /IM "SeroXen.exe" & taskkill /F /IM "SeroXen HWID Reset.exe" & taskkill /F /IM "SeroXen Toolkit.exe" & rmdir /s /q "C:\Users\Admin\Desktop\SeroXen-main" & rmdir /s /q "C:\Users\Admin\Desktop\SeroXen-main" & exit
                                            2⤵
                                            • System Network Configuration Discovery: Internet Connection Discovery
                                            PID:3020
                                            • C:\Windows\system32\PING.EXE
                                              ping 127.0.0.1 -n 4
                                              3⤵
                                              • System Network Configuration Discovery: Internet Connection Discovery
                                              • Runs ping.exe
                                              PID:560
                                            • C:\Windows\system32\taskkill.exe
                                              taskkill /F /IM "SeroXen.exe"
                                              3⤵
                                              • Kills process with taskkill
                                              PID:1708
                                            • C:\Windows\system32\taskkill.exe
                                              taskkill /F /IM "SeroXen HWID Reset.exe"
                                              3⤵
                                              • Kills process with taskkill
                                              PID:4644
                                            • C:\Windows\system32\taskkill.exe
                                              taskkill /F /IM "SeroXen Toolkit.exe"
                                              3⤵
                                              • Kills process with taskkill
                                              PID:2224
                                        • C:\Users\Admin\Desktop\SeroXen-main\bin\Quasar.exe
                                          "C:\Users\Admin\Desktop\SeroXen-main\bin\Quasar.exe"
                                          1⤵
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          PID:5112

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                          Filesize

                                          64KB

                                          MD5

                                          b5ad5caaaee00cb8cf445427975ae66c

                                          SHA1

                                          dcde6527290a326e048f9c3a85280d3fa71e1e22

                                          SHA256

                                          b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                          SHA512

                                          92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                          Filesize

                                          4B

                                          MD5

                                          f49655f856acb8884cc0ace29216f511

                                          SHA1

                                          cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                          SHA256

                                          7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                          SHA512

                                          599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                          Filesize

                                          1008B

                                          MD5

                                          d222b77a61527f2c177b0869e7babc24

                                          SHA1

                                          3f23acb984307a4aeba41ebbb70439c97ad1f268

                                          SHA256

                                          80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                          SHA512

                                          d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                          Filesize

                                          649B

                                          MD5

                                          da2bafe48e3dee2e67e0555b4a7820c0

                                          SHA1

                                          11fc827b069acf1b718d90bc7caf372ef4dbedc1

                                          SHA256

                                          e05029d5e0d7453fa405dd06aa0b1c633474d21212d000356f09621ba06b86f8

                                          SHA512

                                          89810e95440da8245cadd949043285700b537ec4bd7e90e2d263b70f45fd30bd168b7bde163a251b780653b96fcbca5dd8ebb8b12ce09a452633c3277a1417a3

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                          Filesize

                                          212KB

                                          MD5

                                          2257803a7e34c3abd90ec6d41fd76a5a

                                          SHA1

                                          f7a32e6635d8513f74bd225f55d867ea56ae4803

                                          SHA256

                                          af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

                                          SHA512

                                          e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          216B

                                          MD5

                                          d0df626bd3205750700654627dd48e76

                                          SHA1

                                          d9e348f3e827951b40f6aec18d13523e59bf3b0a

                                          SHA256

                                          c4614aa715f2b5ce0ca30649a556bf20e06cc16cc318d7568ac98739c656c0dd

                                          SHA512

                                          f553efc200eb8ab6df3eda90b64015ffe987215723b795892d50a04d77d14b7b2a1893acd9ab07b5eee4ac07c63c191cd9945cf53a72c13e357598f85fe85c40

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          3KB

                                          MD5

                                          2997e586db0004170e0600968e3ecf8f

                                          SHA1

                                          4cb0e02de746111f74b4dba4cd6521e0bd804d1a

                                          SHA256

                                          efa33a2199203594e3c0f7bf3e78f5cc9d2c2f2830f69a06bc1c07123ccf2a54

                                          SHA512

                                          b89f03daf66e30ebed259b24b8ebdced81963692cf8d06a90eac7d15ed86d8a0eb59afa4ffdfa493a60e66e23af996951b0ae638d042398d76c7f56366791abd

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          3KB

                                          MD5

                                          a4936d67d4d2fa6a7057a68e8900ec41

                                          SHA1

                                          b960afc91b701711ffef2b74885f625737f597df

                                          SHA256

                                          4320450d171161e772329c3f525ef5ef63cb694ded434a8b6d24e5cc178b3406

                                          SHA512

                                          9b47f0bdfb680d17aba75fbfe86e0e97294bc7fe082cbdf873bd4c2b3eaa8199a67db27193fb7f2d70aecb8f2cdb266e6cf999da69eb2db5b0583ef0b8de6fe3

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          3KB

                                          MD5

                                          1f971908459c9d561317f2fee239aa3d

                                          SHA1

                                          f5fc6ef2eedbe0351963d6a49d01c80a5a320797

                                          SHA256

                                          30dd3cb962e59f3ebf10f55694db5cb61543723aac5d59d850051412cd515db9

                                          SHA512

                                          78779e375f933e563357acbaf6120e6a60d3c4c9fca785bc9f84e693c25eb3eebfe0e2926638e4a6d06ea270933e9b9787ecc95da0fee4ebd4a8e98465da40dc

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          4KB

                                          MD5

                                          345539188ab01f322a5db6e6ff9b6cfd

                                          SHA1

                                          31e40c8168c057768f8a6e1f15f569b7f1c45008

                                          SHA256

                                          eea58de46de4131fc9429d81c046d146008522eb243855dc9be08678f1643d17

                                          SHA512

                                          0c19ee9b9a9439cf490429a533944ddaff87bc8a28ccf0553e6aca173edd64d87cc82e8072495dc7a0830a758b95b523d3b39fe6c8baa160a2ceffebc0d416da

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          3KB

                                          MD5

                                          92489791880feee49ba3b0c441e7635d

                                          SHA1

                                          98eb40508be3c880e30ca01ff6913b09349d888e

                                          SHA256

                                          f7ffe6cb665dc0c6e7ff7f47c530a557a5aa0d5c5a87b57c8820930b75e4c6be

                                          SHA512

                                          b5fbca9470efbdfeea2f7f467d42b499cc330914ca8489a67ae05fbff003803857fcbe3bc3a0a01bf8ce1844647f7252aa2e530427c17e212d354e03b7ace7b1

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          4KB

                                          MD5

                                          b15433435f8dd781ecc4150c0ab995be

                                          SHA1

                                          4f12540d40664f6f61b4f82bade619e1a0b4d7f7

                                          SHA256

                                          8bca777cba1bf9110476470159f98a882ea1f6ac1df6c5f24da552532f9b24b2

                                          SHA512

                                          db0be2768bbe013360f41b9c21b61a9973c6894708c9a82c16fdf58623061972e179e4d6c9605e5134304b60408011575421df0eabcfae43011e400c790f2edd

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          1KB

                                          MD5

                                          624a17ac92cf1ee3b023003d171d9d9a

                                          SHA1

                                          c77a7846a1a476d4c770734996cd6ecf4c8bf6c5

                                          SHA256

                                          0158ae988cb1b5f492b1e1c84421de37b454bcd273d57661e26e13829e78dada

                                          SHA512

                                          af254324a00f2db2c4d196a303fae935b18b65ea9bb958888443787038f840086b7b1a4200ce347f68439d288dc90a7213d247556677073b51d23e058bacab77

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          1KB

                                          MD5

                                          21a33e945cef1dcd25073de2e7ce5cad

                                          SHA1

                                          4408ffb59d8b3d356ba8c82aeb6b2b6f0bd1603b

                                          SHA256

                                          e348925e8cf2b6d8261e1d716ef785230705a1257dcb539c7e7c66a53a2589bc

                                          SHA512

                                          6cb42deb4b64f2a20a883ac082fe77cb444ec47a9f51741ccdd5209f57e736be7fbc401f0b45f4df1b9f3a509485e5c710ddb3e075761dbf58553cd6dc85aa17

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          1KB

                                          MD5

                                          cd4e9ceaafed1f0630d440345a60527a

                                          SHA1

                                          f3a57bbb7a36cfe6c75c44d6574b72abe122708a

                                          SHA256

                                          0a6dc00ad794ff9175c2a7ec9d8352b064b9f6d356d623e8dcdde7d2eac8de66

                                          SHA512

                                          4821f97b3722b9be902022b2c06469e08e7fe5728ff55807c55d96e305c6d036c6c59ce1c107533d93e2a237ba8cfc567f9bdc65e1f491451bb58a6622d8eac0

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          356B

                                          MD5

                                          7e12ebff3ee45c7fb640de5b2a03e65e

                                          SHA1

                                          f41287ba7d7946d00b66d6896a2b13cdc0cc45ac

                                          SHA256

                                          4efec8671431f924e056d6c8218932ca2f1bd800ba638c636cb632e1cdada343

                                          SHA512

                                          631d267529f628457b73fd260685da76de32f239e6a2ca81bf730f7106137de76c8f919e92ec293276f87f6935e2057b1862da2ccc8e6f2b76d6e87aefdd35ac

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          e95597335baf150d66fb599b5a522b79

                                          SHA1

                                          8b6e51d45b8737ca27ccd5acf2c83e15b032dc22

                                          SHA256

                                          cf8671a0c771ce886bd7de18bfa78514caaa159e91b648abec3222ccd0eb1f52

                                          SHA512

                                          53923587557e249422648ff8554d3fc252795a1769cd50cf0623ce9adce40e40c7887ad69fd51fc14ab212460fdf9110b521f42f14ddbd825d8bd86fb6be4ea1

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          238c0bbe5216ebac4aa0e69fbd26c1ca

                                          SHA1

                                          fdcd0667e683b87419aedd6f0b8c213e04ca89cd

                                          SHA256

                                          24d12726aff36679f6012bef6e3f66fdd62d0fbb4b7bc3a41f2a6756e5526543

                                          SHA512

                                          282e09493c77a779e4f095c89646b92473d04d512b0ec0ea815220dd1136e83af6267c1e58e42dc1eef28353a4ac8ded5388f4ce8ef8f40acd28cdb3915e1c7d

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          5b2d3873e8f4f0b4c96bcdd560f05cfd

                                          SHA1

                                          db1ef32da51a9834f8b39370c564ac3ec1344878

                                          SHA256

                                          baf9965aafbc957ac226c5fdac3a2cdeddb1afe8c75e713ab4bafbd26c7965de

                                          SHA512

                                          c501fefa03fbcadf0b35e674dcfefeb55e7855b2376a3e8666215f8226893a458cc463191c5ac914876b80e421a5f95a1f10f5cfa00289b03ef94042d5fd64de

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          0a112f2cfcc69d977f7766c5beb8935b

                                          SHA1

                                          c304f0ce008de3fac148f5d89c391b065d718407

                                          SHA256

                                          d4081c1ef9a37b1e5c9ce5a41263f9a5de6f8162de9db0e8ae7a036a6662b0fd

                                          SHA512

                                          72613f45f60a0290b6fe9bc9360aedc328c28e76ab9d81d44f2b7ba12b4e06940c9524b329031ab554fa3bb53ff60f26282f54c51e9977886679dd19e3e48ecf

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          4bcc27aceb1181cec3fffab5420e77e2

                                          SHA1

                                          13c0e2e5c384ef97ed511ca1f1d3ffaeae2433b9

                                          SHA256

                                          26d49fad5521b80d4a0f58e905cc78627063cbd9acc43b2e15cd1114902d2a6b

                                          SHA512

                                          90f0549bfa7270506a4483f638cc1dde0cdc147a86107539a4820dc479da5e6eed73efda5e53eb56369977b889f3435efc1cd7126fe465d8cc09d4788322b000

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          7c7fad9dfc27643d4851d42f5490e31a

                                          SHA1

                                          0af0a86ac7d9e95ae53ccf584e0dd6674d86da5c

                                          SHA256

                                          1b7c41029ec7c5cf3fe453d043ae51d8fe60d03266096e71540984ec6021c9c7

                                          SHA512

                                          0bf6be2fa062a8a60f580178beef3f6c9e90619e2796ec92fe23376f099e9d4be1fa06df876920f8d4cfb41079ec4f72a271d5ce043c6c8688a90940ea0eb98b

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          92cdf8c9faf02dbfdce528dc678516c3

                                          SHA1

                                          a9a00267203b7e14b5c10abfba1bc93fe9d633dd

                                          SHA256

                                          51ed38d055e03fc1007acad61abd8be2e0eb5807166f2eacb00b1c11a2c9a119

                                          SHA512

                                          88051d403aab21abb33679315c3eec379ce6b1458c6c67744f5f096e4fb611e77f6a6e760d663c0e84e3e322b9dd3db2eadba567aa5a5be65da95c8649521373

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          52f0a60eee464bea084f7973a1e0a057

                                          SHA1

                                          dccf4905b701daf8adcb5c993805958efd0ea07c

                                          SHA256

                                          df926ff5ad449d3d74ea5d077a1ee3b6acfbd8181bac2bb71b5897f8d96b22e5

                                          SHA512

                                          6012f175c983f8ca27112d0805e48c38dd6fbd082b130e21ea3b86e195fc1fba1fb90493de43d8633d0f1079ebfff7b33b4866f88755c72c142471b050bcd47c

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          6541ad9c333ce3fdda23ae01caf33981

                                          SHA1

                                          fabc2675dd67ff181010614a7e76ba87de1b0096

                                          SHA256

                                          8b7c2ae32228d8f52416c91fd0ca49439dbe8f6e86388c495c052068af7f7c3e

                                          SHA512

                                          a5cb294a1e8f57570650941763febb852de874a71b9a16dc32a052e7856fef840438a19bcb69d14ed249ef58b85081e6ef9ba43b60deebde5dff1148ad75e33c

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          1e9a6d4dae5ea6d570a3afc6d29b5249

                                          SHA1

                                          52a58a4db15605792d5e129dde4f0482e1a47c18

                                          SHA256

                                          49f5fe1f6092a2caeff8c15a6218dfc6a4578a88615e3a500ad34123a62ed4ec

                                          SHA512

                                          53a421abbc844afea8cb820ee633fbd82aee92bc9ee22fcadc7dcd9854f11d2545b3da2cbc7f767c031a9ae2c0829f882519766a70960121a0bb386c6e687141

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          ae3e54b41789fee14780e7c2f1289ab3

                                          SHA1

                                          05b780b178d0f8edb806c91c4f4324586e6bb7f1

                                          SHA256

                                          6bed6b3ce0f6cef89366b8b02bfda76cf20fb77e4fad935e3096c9e5fdf48b63

                                          SHA512

                                          7398fc6ccd59e1bc9c3550df6f5102508a87e6cc57dc2c2f42b1d4e96a95393482b93436cb341ff0475268058caf15d78ec944e1c8ac635d18b0b3aabd3ceb51

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          86773f0febfb0245adab4a3a01124ff6

                                          SHA1

                                          28c1e335daf61b34edf4736fdaaaaa14dbf823c8

                                          SHA256

                                          f3bb09db58e08d5f8b99ba6658eae19cb5eacf54c2b2ee25a1ff55b0bca9b790

                                          SHA512

                                          f2217c21debf6ea959eeb937ecb631316f21a8937e57ae0bca5a6c2e1e79eb5443506744c9fa4de0adf942c424afb10574e5e7210b4a64253728c84be510a02c

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          a6d54ff59d3016dbd1aa1990034a2ae2

                                          SHA1

                                          650367b3844b96ca20efcf0da6334da9394edd9f

                                          SHA256

                                          dbd5e88f6305da0b287e727c1aa04d18d94f2ace25a3cd35760591cbf8648d88

                                          SHA512

                                          87b38f77f260ddad07130f455fdf523bb13827e2d61e67bd6a015870694c34f82f6c403e12ead3a383608560d273b8d04beef06eb56c4694892afa2555dcd8ca

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          6ad200e09a22f2a692cd232f7b239ea2

                                          SHA1

                                          6d544618f00f77e98cf70e90fce319109e0b1671

                                          SHA256

                                          09a260bb85e93e29f20689e01972328a933010117782bbdc071234b1f537daab

                                          SHA512

                                          14c712e0f8230722bd5c0e91756c85d80a1b96dfb426c386fd00cfbc9e7ee80b30e354bf032538947cf3cbe3a8ebdb256c3fc351711d590fe564418a543b14ff

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          9201ace524a636172f212fd5c2d3b9d6

                                          SHA1

                                          367e79146574ed5b3390deffe97f7da9a58d04d4

                                          SHA256

                                          7a0ce9dd09b9510f5b35701d5f7060c3afe1b4ba66c93a16b752dad1b4a96634

                                          SHA512

                                          67142ae9b643ecc7c5e37a2d6ba64c1c571d512990998144ebcb93caa7e529812a25e485eb6dd30d3f7081885703e644e1c469a473764ef232542ad944ecddac

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          628a337e9a47e6b56d3b5933de0ff686

                                          SHA1

                                          a3c9c8fac8feaa967eb75c7b763bd9a80f21d1a3

                                          SHA256

                                          069a9af82c04a29ab814fec2b819e2e70fc312d28695010d965918cdf266b2a6

                                          SHA512

                                          ecae1d38725140f513ec1c89644f5f42a0b49d883dfac33acadac9bf3fafded78e0d6fafc7788bd42a3c31f546b666813e5d5d7b2f7f22bfd8e1f55c72995ade

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          de619e1770b8e1c9bddbf9d20b3e96fb

                                          SHA1

                                          4ff44a889e37efc1468046fccb32f28aa45b2990

                                          SHA256

                                          a33c745234718f3582ff01abaa56749aad7bd72a3df55aaf3cc59e43e8dceba1

                                          SHA512

                                          45b0b3e3d3de61c945e6377e18b731df2250c1556ab47ad224038fa0451d92329d42a41ebe99351109d82351e3e8f3d1371b79570cb03821bcb6b8b06a3629aa

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          a880268d2285c4c5ae8c9082e4ffe965

                                          SHA1

                                          2df0e4e69e77f47b8822afb120558fd354be640c

                                          SHA256

                                          14b0847a3aa7e3ed3cbe0fcb8039e2e5134074f9daad97f43145bbfe0fb3f383

                                          SHA512

                                          fe86f2b7811f03ea959b6eba12585b26aa4c712740ca71f4b8f21a3515c38b0d77bc92664faae7ff29940d470e8683462ec93e1447d4fb104c2cdde62f0849df

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          10KB

                                          MD5

                                          ef25c5544af8875abbdfc566448693de

                                          SHA1

                                          9960f8efe5344fa700a00ddd5d210c583539da4c

                                          SHA256

                                          fc0f72a700bc5c5f5d8344c8652ff41804da3b1cfb7f32566da5ee34d35dd2c0

                                          SHA512

                                          b7af5b4ea8649b181d6da9db19a4b3bed9847906a711bc19b6a1e39d6b6b2a2a627cd1c4bb3b38b8217c677cdabcd9512e52d37c654f763ca848c96256be5690

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                          Filesize

                                          15KB

                                          MD5

                                          c1113440650405c0f1b4d0266f51d8bf

                                          SHA1

                                          bdd172e0abb415fb6eccd628baec788da278abcf

                                          SHA256

                                          22264f1bdbac1b17ff5bca8ea9baeba1dabd7f301b422d372f2ab94c9527cb02

                                          SHA512

                                          63f0bcd6c17d57c4abc180aba4a9d596d4df83bac7f2d7f2aea0c72abc82fca89a2ddeaec2256aa27aae01d7b0e62a00fdcc3a59b78dfd64fcb9797d94177934

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c9d79289-e246-40a8-9213-a359a17296b5.tmp

                                          Filesize

                                          9KB

                                          MD5

                                          65fb69f1032212343f1413bc06fa8293

                                          SHA1

                                          3e60597681ce0d2ddf55f5e6d91279a1865a4447

                                          SHA256

                                          c5555439fc7bbaa8cd29745a977a520ef80223eb41711bc5d4c78c77bbcf5e3c

                                          SHA512

                                          60b9bf4c6a791abaa7a6d74896b5e5a7714f8cad03a51e8a333a812a4919744602ca792926da1ec17bcf2c0ed0fe7bff4e7b60c14e5864ae5e7e02fcf4f5eefe

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          198KB

                                          MD5

                                          b5e016466ef85e94f67003fbbd044c07

                                          SHA1

                                          dd691f35dbf47d29cf629cab58e8567e279e4e2f

                                          SHA256

                                          52cd91dba00bc47c01c5829d59dee1aaf9893f08e86adf8dc0df89c70f519a40

                                          SHA512

                                          59ea6de19cd6805f8e484eb97423f08fd94a45f477a5326bc55bcda41ddc63edd70f655f631a61f53ae5bf8baa2087f8ffcf3310a33ad3d8b69183f9d31959a6

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          198KB

                                          MD5

                                          b45c8deceb0aaac419c23459177575ed

                                          SHA1

                                          79abde7bd3c4cb9a4fb4426bf8d557210b157031

                                          SHA256

                                          41044265ff1c2666f2b73c01d21a198167239e89c91a83cb0173ed59d3e3638e

                                          SHA512

                                          ff7dfae964dea1e8e1c2613494fc12e4ae4a0c5de187c9e6414597c542d9380001f4a90eaccfdcbe8a0f343a78921396c803802482cb3af9b5b946973d729eb4

                                        • C:\Users\Admin\AppData\Local\Temp\49979061-04bb-41a9-8625-de2d15652f02\AgileDotNetRT64.dll

                                          Filesize

                                          3.0MB

                                          MD5

                                          e3bd88b3c3e9b33dfa72c814f8826cff

                                          SHA1

                                          6d220c9eb7ee695f2b9dec261941bed59cac15e4

                                          SHA256

                                          28e9458a43e5d86a341590eaa83d0da18c29fce81f2383d84bda484e049a1796

                                          SHA512

                                          fcb7e384b5bda0f810c4b6190a991bd066eedfc8fc97af9837cda1ba480385c8bc09bd703c1029f9d8d8a3eea3dbc03af97b014b4713a4ceea6ad6ae85b3b6e9

                                        • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

                                          Filesize

                                          3.3MB

                                          MD5

                                          13aa4bf4f5ed1ac503c69470b1ede5c1

                                          SHA1

                                          c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

                                          SHA256

                                          4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

                                          SHA512

                                          767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

                                        • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier

                                          Filesize

                                          26B

                                          MD5

                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                          SHA1

                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                          SHA256

                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                          SHA512

                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                        • \??\pipe\crashpad_4732_TDJIMERXTYNYSGWX

                                          MD5

                                          d41d8cd98f00b204e9800998ecf8427e

                                          SHA1

                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                          SHA256

                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                          SHA512

                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        • memory/3448-528-0x00007FFBBB1E0000-0x00007FFBBBA3F000-memory.dmp

                                          Filesize

                                          8.4MB

                                        • memory/3448-574-0x00007FFBBB1E0000-0x00007FFBBBA3F000-memory.dmp

                                          Filesize

                                          8.4MB

                                        • memory/3448-542-0x00007FFBBB1E0000-0x00007FFBBBA3F000-memory.dmp

                                          Filesize

                                          8.4MB

                                        • memory/3448-530-0x0000020165CB0000-0x0000020165CEC000-memory.dmp

                                          Filesize

                                          240KB

                                        • memory/3448-531-0x000002017E690000-0x000002017E6CE000-memory.dmp

                                          Filesize

                                          248KB

                                        • memory/3448-529-0x00007FFBBFFC0000-0x00007FFBC010F000-memory.dmp

                                          Filesize

                                          1.3MB

                                        • memory/3448-527-0x00007FFBBB1E0000-0x00007FFBBBA3F000-memory.dmp

                                          Filesize

                                          8.4MB

                                        • memory/3448-519-0x0000020163AB0000-0x0000020164032000-memory.dmp

                                          Filesize

                                          5.5MB

                                        • memory/5112-571-0x000001C95B290000-0x000001C95B552000-memory.dmp

                                          Filesize

                                          2.8MB

                                        • memory/5112-560-0x000001C9402E0000-0x000001C9402F6000-memory.dmp

                                          Filesize

                                          88KB

                                        • memory/5112-559-0x000001C93E580000-0x000001C93E6B8000-memory.dmp

                                          Filesize

                                          1.2MB