Analysis

  • max time kernel
    34s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15-08-2023 16:25

General

  • Target

    f7bb35dc4fbeba4d17e509393ad4131f_mafia_JC.exe

  • Size

    3.5MB

  • MD5

    f7bb35dc4fbeba4d17e509393ad4131f

  • SHA1

    58326a6027755fc8246ee244fce6598092ffc042

  • SHA256

    d13a693358ab8c6dbb22976e22d6ec9052842276d0d737a7e3a8e9030d309089

  • SHA512

    b5d3d4a4b08f6a368bf9d9464a8233f65bb98853d7613e454c594c15bb29f6171416acd58c4924a1ed81770bfd864b5daae5b3cd870e8f7ad0cd81c4871a2101

  • SSDEEP

    49152:a9yiCJ5rFwnANZGEXep+9TxFegOSDAmosh3ANkTTlQmlI8zrx+jWqZdLO:RJ5rFwnApezgOS9V3AMdld8jW0O

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 6 IoCs
  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Program crash 48 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7bb35dc4fbeba4d17e509393ad4131f_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\f7bb35dc4fbeba4d17e509393ad4131f_mafia_JC.exe"
    1⤵
      PID:3324
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2304
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2304 -s 6208
        2⤵
        • Program crash
        PID:2488
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3528
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 444 -p 2304 -ip 2304
      1⤵
        PID:2156
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2324
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 2324 -s 7416
          2⤵
          • Program crash
          PID:4544
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:816
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1100
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 1100 -s 3976
          2⤵
          • Program crash
          PID:5048
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -pss -s 468 -p 1100 -ip 1100
        1⤵
          PID:4152
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -pss -s 544 -p 2324 -ip 2324
          1⤵
            PID:4360
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Modifies registry class
            • Suspicious use of SendNotifyMessage
            PID:4760
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 4760 -s 4920
              2⤵
              • Program crash
              PID:380
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:2404
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:4548
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 4548 -s 3608
              2⤵
              • Program crash
              PID:1928
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -pss -s 552 -p 4548 -ip 4548
            1⤵
              PID:4912
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -pss -s 448 -p 4760 -ip 4760
              1⤵
                PID:1732
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4064
                  • C:\Windows\system32\WerFault.exe
                    C:\Windows\system32\WerFault.exe -u -p 4064 -s 7324
                    2⤵
                    • Program crash
                    PID:2768
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4416
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:4224
                    • C:\Windows\system32\WerFault.exe
                      C:\Windows\system32\WerFault.exe -u -p 4224 -s 3632
                      2⤵
                      • Program crash
                      PID:4292
                  • C:\Windows\system32\WerFault.exe
                    C:\Windows\system32\WerFault.exe -pss -s 540 -p 4224 -ip 4224
                    1⤵
                      PID:1092
                    • C:\Windows\system32\WerFault.exe
                      C:\Windows\system32\WerFault.exe -pss -s 408 -p 4064 -ip 4064
                      1⤵
                        PID:1152
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                        • Modifies Installed Components in the registry
                        • Enumerates connected drives
                        • Modifies registry class
                        PID:3932
                        • C:\Windows\system32\WerFault.exe
                          C:\Windows\system32\WerFault.exe -u -p 3932 -s 6028
                          2⤵
                          • Program crash
                          PID:2556
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:5016
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                          • Modifies Internet Explorer settings
                          • Modifies registry class
                          • Suspicious use of SetWindowsHookEx
                          PID:2272
                          • C:\Windows\system32\WerFault.exe
                            C:\Windows\system32\WerFault.exe -u -p 2272 -s 3576
                            2⤵
                            • Program crash
                            PID:1272
                        • C:\Windows\system32\WerFault.exe
                          C:\Windows\system32\WerFault.exe -pss -s 412 -p 2272 -ip 2272
                          1⤵
                            PID:4824
                          • C:\Windows\system32\WerFault.exe
                            C:\Windows\system32\WerFault.exe -pss -s 524 -p 3932 -ip 3932
                            1⤵
                              PID:4624
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                              • Modifies Installed Components in the registry
                              • Enumerates connected drives
                              • Modifies registry class
                              PID:2768
                              • C:\Windows\system32\WerFault.exe
                                C:\Windows\system32\WerFault.exe -u -p 2768 -s 6016
                                2⤵
                                • Modifies Installed Components in the registry
                                • Enumerates connected drives
                                • Program crash
                                • Modifies registry class
                                • Suspicious use of SendNotifyMessage
                                PID:4064
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:3896
                              • C:\Windows\system32\WerFault.exe
                                C:\Windows\system32\WerFault.exe -pss -s 532 -p 2768 -ip 2768
                                1⤵
                                  PID:1336
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4516
                                    • C:\Windows\system32\WerFault.exe
                                      C:\Windows\system32\WerFault.exe -u -p 4516 -s 7416
                                      2⤵
                                      • Program crash
                                      PID:4256
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1864
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:3196
                                        • C:\Windows\system32\WerFault.exe
                                          C:\Windows\system32\WerFault.exe -u -p 3196 -s 3560
                                          2⤵
                                          • Program crash
                                          PID:3060
                                      • C:\Windows\system32\WerFault.exe
                                        C:\Windows\system32\WerFault.exe -pss -s 548 -p 3196 -ip 3196
                                        1⤵
                                          PID:3984
                                        • C:\Windows\system32\WerFault.exe
                                          C:\Windows\system32\WerFault.exe -pss -s 412 -p 4516 -ip 4516
                                          1⤵
                                            PID:2116
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2824
                                              • C:\Windows\system32\WerFault.exe
                                                C:\Windows\system32\WerFault.exe -u -p 2824 -s 5760
                                                2⤵
                                                • Program crash
                                                PID:3148
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2956
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1780
                                                  • C:\Windows\system32\WerFault.exe
                                                    C:\Windows\system32\WerFault.exe -u -p 1780 -s 3600
                                                    2⤵
                                                    • Program crash
                                                    PID:5116
                                                • C:\Windows\system32\WerFault.exe
                                                  C:\Windows\system32\WerFault.exe -pss -s 536 -p 1780 -ip 1780
                                                  1⤵
                                                    PID:3776
                                                  • C:\Windows\system32\WerFault.exe
                                                    C:\Windows\system32\WerFault.exe -pss -s 532 -p 2824 -ip 2824
                                                    1⤵
                                                      PID:564
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4400
                                                        • C:\Windows\system32\WerFault.exe
                                                          C:\Windows\system32\WerFault.exe -u -p 4400 -s 5920
                                                          2⤵
                                                          • Program crash
                                                          PID:2168
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4740
                                                        • C:\Windows\system32\WerFault.exe
                                                          C:\Windows\system32\WerFault.exe -pss -s 404 -p 4400 -ip 4400
                                                          1⤵
                                                            PID:4128
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3984
                                                              • C:\Windows\system32\WerFault.exe
                                                                C:\Windows\system32\WerFault.exe -u -p 3984 -s 7392
                                                                2⤵
                                                                • Program crash
                                                                PID:4884
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:1264
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:4416
                                                                • C:\Windows\system32\WerFault.exe
                                                                  C:\Windows\system32\WerFault.exe -u -p 4416 -s 3520
                                                                  2⤵
                                                                  • Program crash
                                                                  PID:4792
                                                              • C:\Windows\system32\WerFault.exe
                                                                C:\Windows\system32\WerFault.exe -pss -s 384 -p 4416 -ip 4416
                                                                1⤵
                                                                  PID:4768
                                                                • C:\Windows\system32\WerFault.exe
                                                                  C:\Windows\system32\WerFault.exe -pss -s 412 -p 3984 -ip 3984
                                                                  1⤵
                                                                    PID:4732
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3356
                                                                      • C:\Windows\system32\WerFault.exe
                                                                        C:\Windows\system32\WerFault.exe -u -p 3356 -s 6060
                                                                        2⤵
                                                                        • Program crash
                                                                        PID:2156
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1100
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:1868
                                                                          • C:\Windows\system32\WerFault.exe
                                                                            C:\Windows\system32\WerFault.exe -u -p 1868 -s 3600
                                                                            2⤵
                                                                            • Program crash
                                                                            PID:4960
                                                                        • C:\Windows\system32\WerFault.exe
                                                                          C:\Windows\system32\WerFault.exe -pss -s 572 -p 1868 -ip 1868
                                                                          1⤵
                                                                            PID:3192
                                                                          • C:\Windows\system32\WerFault.exe
                                                                            C:\Windows\system32\WerFault.exe -pss -s 524 -p 3356 -ip 3356
                                                                            1⤵
                                                                              PID:2044
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:3588
                                                                                • C:\Windows\system32\WerFault.exe
                                                                                  C:\Windows\system32\WerFault.exe -u -p 3588 -s 7464
                                                                                  2⤵
                                                                                  • Program crash
                                                                                  PID:1160
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2236
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3980
                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                      C:\Windows\system32\WerFault.exe -u -p 3980 -s 3592
                                                                                      2⤵
                                                                                      • Program crash
                                                                                      PID:4336
                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                    C:\Windows\system32\WerFault.exe -pss -s 448 -p 3980 -ip 3980
                                                                                    1⤵
                                                                                      PID:3044
                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                      C:\Windows\system32\WerFault.exe -pss -s 536 -p 3588 -ip 3588
                                                                                      1⤵
                                                                                        PID:2740
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:872
                                                                                          • C:\Windows\system32\WerFault.exe
                                                                                            C:\Windows\system32\WerFault.exe -u -p 872 -s 1124
                                                                                            2⤵
                                                                                            • Program crash
                                                                                            PID:4824
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4828
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:740
                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                C:\Windows\system32\WerFault.exe -u -p 740 -s 3548
                                                                                                2⤵
                                                                                                • Program crash
                                                                                                PID:4084
                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                              C:\Windows\system32\WerFault.exe -pss -s 568 -p 740 -ip 740
                                                                                              1⤵
                                                                                              • Modifies registry class
                                                                                              • Suspicious use of SendNotifyMessage
                                                                                              PID:4760
                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                              C:\Windows\system32\WerFault.exe -pss -s 588 -p 872 -ip 872
                                                                                              1⤵
                                                                                                PID:4916
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:3092
                                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                                    C:\Windows\system32\WerFault.exe -u -p 3092 -s 7256
                                                                                                    2⤵
                                                                                                    • Program crash
                                                                                                    PID:1728
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:4732
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:3596
                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                        C:\Windows\system32\WerFault.exe -u -p 3596 -s 3596
                                                                                                        2⤵
                                                                                                        • Program crash
                                                                                                        PID:4360
                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                      C:\Windows\system32\WerFault.exe -pss -s 404 -p 3596 -ip 3596
                                                                                                      1⤵
                                                                                                        PID:3824
                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 184 -p 3092 -ip 3092
                                                                                                        1⤵
                                                                                                          PID:3180
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:1816
                                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                                              C:\Windows\system32\WerFault.exe -u -p 1816 -s 7380
                                                                                                              2⤵
                                                                                                              • Program crash
                                                                                                              PID:1328
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:3848
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4316
                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                C:\Windows\system32\WerFault.exe -pss -s 544 -p 1816 -ip 1816
                                                                                                                1⤵
                                                                                                                  PID:4940
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:3160
                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 3160 -s 6044
                                                                                                                      2⤵
                                                                                                                      • Program crash
                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                      PID:5016
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4116
                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                      C:\Windows\system32\WerFault.exe -pss -s 552 -p 3160 -ip 3160
                                                                                                                      1⤵
                                                                                                                        PID:5116
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:3896
                                                                                                                          • C:\Windows\system32\WerFault.exe
                                                                                                                            C:\Windows\system32\WerFault.exe -u -p 3896 -s 7408
                                                                                                                            2⤵
                                                                                                                            • Program crash
                                                                                                                            PID:4516
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:3852
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:1360
                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 1360 -s 3608
                                                                                                                                2⤵
                                                                                                                                • Program crash
                                                                                                                                PID:552
                                                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                                                              C:\Windows\system32\WerFault.exe -pss -s 408 -p 1360 -ip 1360
                                                                                                                              1⤵
                                                                                                                                PID:3360
                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                C:\Windows\system32\WerFault.exe -pss -s 184 -p 3896 -ip 3896
                                                                                                                                1⤵
                                                                                                                                  PID:2728
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:2196
                                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 2196 -s 5948
                                                                                                                                      2⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:2072
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:3004
                                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                                      C:\Windows\system32\WerFault.exe -pss -s 404 -p 2196 -ip 2196
                                                                                                                                      1⤵
                                                                                                                                        PID:652
                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                        explorer.exe
                                                                                                                                        1⤵
                                                                                                                                          PID:3108
                                                                                                                                          • C:\Windows\system32\WerFault.exe
                                                                                                                                            C:\Windows\system32\WerFault.exe -u -p 3108 -s 5900
                                                                                                                                            2⤵
                                                                                                                                            • Program crash
                                                                                                                                            PID:1792
                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                          1⤵
                                                                                                                                            PID:4028
                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                            1⤵
                                                                                                                                              PID:3580
                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 3580 -s 3532
                                                                                                                                                2⤵
                                                                                                                                                • Program crash
                                                                                                                                                PID:3192
                                                                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                                                                              C:\Windows\system32\WerFault.exe -pss -s 572 -p 3580 -ip 3580
                                                                                                                                              1⤵
                                                                                                                                                PID:924
                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                C:\Windows\system32\WerFault.exe -pss -s 412 -p 3108 -ip 3108
                                                                                                                                                1⤵
                                                                                                                                                  PID:3576
                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                  explorer.exe
                                                                                                                                                  1⤵
                                                                                                                                                    PID:1436
                                                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 1436 -s 6100
                                                                                                                                                      2⤵
                                                                                                                                                      • Program crash
                                                                                                                                                      PID:2304
                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                    1⤵
                                                                                                                                                      PID:4760
                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3736
                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                          C:\Windows\system32\WerFault.exe -u -p 3736 -s 3616
                                                                                                                                                          2⤵
                                                                                                                                                          • Program crash
                                                                                                                                                          PID:4548
                                                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 520 -p 3736 -ip 3736
                                                                                                                                                        1⤵
                                                                                                                                                          PID:3560
                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                          C:\Windows\system32\WerFault.exe -pss -s 580 -p 1436 -ip 1436
                                                                                                                                                          1⤵
                                                                                                                                                            PID:3296
                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                            explorer.exe
                                                                                                                                                            1⤵
                                                                                                                                                              PID:1744
                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 1744 -s 6016
                                                                                                                                                                2⤵
                                                                                                                                                                • Program crash
                                                                                                                                                                PID:1928
                                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                              1⤵
                                                                                                                                                                PID:1132
                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                C:\Windows\system32\WerFault.exe -pss -s 384 -p 1744 -ip 1744
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:3360
                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                  explorer.exe
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:4804
                                                                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 4804 -s 5920
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Program crash
                                                                                                                                                                      PID:884
                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:4960
                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:3916
                                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                                          C:\Windows\system32\WerFault.exe -u -p 3916 -s 3580
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Program crash
                                                                                                                                                                          PID:2784
                                                                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 572 -p 3916 -ip 3916
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:4628
                                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                                          C:\Windows\system32\WerFault.exe -pss -s 572 -p 4804 -ip 4804
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:2284
                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                            explorer.exe
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:3628
                                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 3628 -s 6024
                                                                                                                                                                                2⤵
                                                                                                                                                                                • Program crash
                                                                                                                                                                                PID:3260
                                                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:1624
                                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                C:\Windows\system32\WerFault.exe -pss -s 560 -p 3628 -ip 3628
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:4876
                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:3028
                                                                                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 3028 -s 7356
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:3636
                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:352
                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:1544
                                                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                          C:\Windows\system32\WerFault.exe -u -p 1544 -s 3588
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Program crash
                                                                                                                                                                                          PID:4864
                                                                                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 544 -p 1544 -ip 1544
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:3728
                                                                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:4032
                                                                                                                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                              C:\Windows\system32\WerFault.exe -u -p 4032 -s 3952
                                                                                                                                                                                              2⤵
                                                                                                                                                                                              • Program crash
                                                                                                                                                                                              PID:5004
                                                                                                                                                                                          • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                            C:\Windows\system32\WerFault.exe -pss -s 576 -p 3028 -ip 3028
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:3396
                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:3928
                                                                                                                                                                                                • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                  C:\Windows\system32\WerFault.exe -u -p 3928 -s 6020
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                  • Program crash
                                                                                                                                                                                                  PID:3044
                                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:3792
                                                                                                                                                                                                • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                  C:\Windows\system32\WerFault.exe -pss -s 408 -p 3928 -ip 3928
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:2572
                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:4396
                                                                                                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                        C:\Windows\system32\WerFault.exe -u -p 4396 -s 3640
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                        • Program crash
                                                                                                                                                                                                        PID:456
                                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:4940
                                                                                                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 448 -p 4032 -ip 4032
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:4232
                                                                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                          C:\Windows\system32\WerFault.exe -pss -s 440 -p 4396 -ip 4396
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:1492
                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:2572
                                                                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 2572 -s 6072
                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                • Program crash
                                                                                                                                                                                                                PID:2140
                                                                                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:744
                                                                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                C:\Windows\system32\WerFault.exe -pss -s 412 -p 2572 -ip 2572
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:556
                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:1160
                                                                                                                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 1160 -s 5792
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                      PID:1156
                                                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                      PID:3768
                                                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                        PID:4756
                                                                                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                          C:\Windows\system32\WerFault.exe -u -p 4756 -s 3524
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                          • Program crash
                                                                                                                                                                                                                          PID:1816
                                                                                                                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 412 -p 4756 -ip 4756
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                          PID:4288
                                                                                                                                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                          C:\Windows\system32\WerFault.exe -pss -s 448 -p 1160 -ip 1160
                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                            PID:4128
                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                              PID:2484
                                                                                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 2484 -s 5780
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                • Program crash
                                                                                                                                                                                                                                PID:1816
                                                                                                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                PID:1252
                                                                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                  PID:3800
                                                                                                                                                                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                                    C:\Windows\system32\WerFault.exe -u -p 3800 -s 3544
                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                    • Program crash
                                                                                                                                                                                                                                    PID:3732
                                                                                                                                                                                                                                • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                                  C:\Windows\system32\WerFault.exe -pss -s 592 -p 3800 -ip 3800
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:3228
                                                                                                                                                                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                                    C:\Windows\system32\WerFault.exe -pss -s 540 -p 2484 -ip 2484
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:4636

                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                    • 10.127.0.222:7799
                                                                                                                                                                                                                                      f7bb35dc4fbeba4d17e509393ad4131f_mafia_JC.exe
                                                                                                                                                                                                                                    • 10.127.0.222:6217
                                                                                                                                                                                                                                      f7bb35dc4fbeba4d17e509393ad4131f_mafia_JC.exe
                                                                                                                                                                                                                                    • 10.127.0.222:25871
                                                                                                                                                                                                                                      f7bb35dc4fbeba4d17e509393ad4131f_mafia_JC.exe

                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      a8aa1c60d38c789a67a56dbc3d648f65

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7e599999f77cff90f3d310d98ba64617ff7bc94b

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      5439433c8562a4ccaa0f46bff247912e496dbcaee4a90e760320c321c067304b

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      9466d8644bb11ad63942ffd43ee1b72241379a48b82e083960f627f32cf40943d209c5744e2eec810147547f853b6d678d88fceffffb74340ea2a9e19568d2f3

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      404B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      19a893a517349ae49ae401275159935f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1d7609dd94d13c07afd21f5d0e0f37a5bc1daa0a

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      386c11a2912733f43f4d38184beecac7ce97e61b457ebdffcc2b6eea20ac4b59

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      31769d87f58b310e5d5c511e6c31dd0eb613978fb66ad3a7f841829c548bb2e1dd9e408dd2ab89bca28794812d98bab69f3343b654a521bcd2652e7bb45e5c0f

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\S331LB7M\microsoft.windows[1].xml

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      97B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      402e0c5b12db3a5ffb0bece9995d459b

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      6272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      5caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      36KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      231237a501b9433c292991e4ec200b25c1589050

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\S331LB7M\microsoft.windows[1].xml

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      97B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      402e0c5b12db3a5ffb0bece9995d459b

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      6272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      5caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2

                                                                                                                                                                                                                                    • memory/740-358-0x000001F34F960000-0x000001F34F980000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/740-362-0x000001F34FD30000-0x000001F34FD50000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/740-360-0x000001F34F920000-0x000001F34F940000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/872-350-0x00000000035F0000-0x00000000035F1000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                    • memory/1100-147-0x000001F078BA0000-0x000001F078BC0000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/1100-151-0x000001F078F70000-0x000001F078F90000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/1100-149-0x000001F078B60000-0x000001F078B80000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/1360-406-0x000001DEA7C80000-0x000001DEA7CA0000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/1360-410-0x000001DEA8050000-0x000001DEA8070000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/1360-408-0x000001DEA7C40000-0x000001DEA7C60000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/1436-445-0x0000000004180000-0x0000000004181000-memory.dmp

                                                                                                                                                                                                                                      Filesize


                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/4516-232-0x0000000002A50000-0x0000000002A51000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                    • memory/4548-174-0x000002045E390000-0x000002045E3B0000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/4548-172-0x000002045DF80000-0x000002045DFA0000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/4548-170-0x000002045DFC0000-0x000002045DFE0000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                    • memory/4760-162-0x0000000003480000-0x0000000003481000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                    • memory/4804-470-0x00000000033C0000-0x00000000033C1000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4KB
