Analysis Overview
SHA256
5b4ffabdfe52aed83368f5a19dcb8975fbe98bcf7ec0764259d63a7a592b2c26
Threat Level: Shows suspicious behavior
The file e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Adds Run key to start application
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:09
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:09
Reported
2024-04-07 23:12
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe" | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\VC\index.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\Kazaa Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Filters\Harry Potter.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Kazaa Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\index.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Kazaa Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\Winamp 5.0 (en) Crack.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\Kazaa Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\Harry Potter.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\Kazaa Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\Kazaa Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\Kazaa Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\Harry Potter.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\WinRAR.v.3.2.and.key.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Winamp 5.0 (en).exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\Harry Potter.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\Kazaa Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\Harry Potter.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\Harry Potter.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\Winamp 5.0 (en) Crack.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\Winamp 5.0 (en).exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\VSTO\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\Harry Potter.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\Kazaa Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\Harry Potter.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\Winamp 5.0 (en) Crack.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\Winamp 5.0 (en).exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Winamp 5.0 (en).exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\ICQ 4 Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\index.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\WinRAR.v.3.2.and.key.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Harry Potter.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\Kazaa Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\Winamp 5.0 (en) Crack.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.120.13.52:1042 | tcp | |
| BR | 201.0.37.9:1042 | tcp | |
| US | 65.206.91.75:1042 | tcp | |
| US | 16.150.46.88:1042 | tcp | |
| N/A | 192.168.0.48:1042 | tcp | |
| US | 16.100.226.183:1042 | tcp | |
| US | 160.205.42.115:1042 | tcp | |
| US | 8.8.8.8:53 | resources.jar | udp |
| US | 8.8.8.8:53 | resources.jar | udp |
| US | 8.8.8.8:53 | mx.resources.jar | udp |
| US | 8.8.8.8:53 | mail.resources.jar | udp |
| US | 8.8.8.8:53 | smtp.resources.jar | udp |
| N/A | 10.108.29.87:1042 | tcp |
Files
memory/2492-0-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-3-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-5-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-7-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-9-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-11-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-13-0x0000000000800000-0x000000000080D000-memory.dmp
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\WinRAR.v.3.2.and.key.exe
| MD5 | e612c957bc8460ec680f9c9fff834a1d |
| SHA1 | d41f2271fd9504a5145c1bd0759100ad823e36ac |
| SHA256 | 5b4ffabdfe52aed83368f5a19dcb8975fbe98bcf7ec0764259d63a7a592b2c26 |
| SHA512 | 941e71590ccc12f9ef90a2100496aa94b61d48d48519e187d52fd1d4c3d94d15a899d95d9dba46ce7e6730d968242c0c190735693f8d665b56be42cbc9b0458d |
memory/2492-93-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-116-0x0000000000800000-0x000000000080D000-memory.dmp
memory/2492-125-0x0000000000800000-0x000000000080D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:09
Reported
2024-04-07 23:12
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe" | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\OFFICE16\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\he-IL\ICQ 4 Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\th-TH\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\2478AE13-C82A-4D44-882B-D6DC71609612\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\ICQ 4 Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\ICQ 4 Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\WinRAR.v.3.2.and.key.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\Winamp 5.0 (en) Crack.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\index.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\hr-HR\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\ICQ 4 Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\Winamp 5.0 (en) Crack.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\ICQ 4 Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\Harry Potter.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\Winamp 5.0 (en) Crack.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\index.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\VC\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\index.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\pt-BR\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\2478AE13-C82A-4D44-882B-D6DC71609612\root\Kazaa Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\Harry Potter.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\Winamp 5.0 (en).exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Kazaa Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\Harry Potter.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\ICQ 4 Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\2478AE13-C82A-4D44-882B-D6DC71609612\root\vfs\Windows\assembly\GAC_MSIL\Winamp 5.0 (en).com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\Kazaa Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Kazaa Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\Harry Potter.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\WinRAR.v.3.2.and.key.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\ICQ 4 Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\ICQ 4 Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\TextConv\en-US\Kazaa Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\ICQ 4 Lite.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\2478AE13-C82A-4D44-882B-D6DC71609612\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\Harry Potter.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\Winamp 5.0 (en) Crack.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\TextConv\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\Winamp 5.0 (en).exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\Kazaa Lite.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Kazaa Lite.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\WinRAR.v.3.2.and.key.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\Winamp 5.0 (en) Crack.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\VSTO\WinRAR.v.3.2.and.key.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\Winamp 5.0 (en).ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\index.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\WinRAR.v.3.2.and.key.ShareReactor.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\ru-RU\Winamp 5.0 (en) Crack.com | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\WinRAR.v.3.2.and.key.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
| File created | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e612c957bc8460ec680f9c9fff834a1d_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 15.255.159.226:1042 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 131.95.245.13:1042 | tcp | |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.118.77.104.in-addr.arpa | udp |
| US | 209.86.241.160:1042 | tcp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 167.194.128.212:1042 | tcp | |
| US | 8.8.8.8:53 | resources.jar | udp |
| US | 8.8.8.8:53 | resources.jar | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | nocorp.me | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 52.101.42.15:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | in1-smtp.messagingengine.com | udp |
| US | 103.168.172.221:25 | in1-smtp.messagingengine.com | tcp |
| US | 15.244.195.44:1042 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.11.9:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 52.96.223.2:25 | outlook.com | tcp |
| US | 8.8.8.8:53 | in2-smtp.messagingengine.com | udp |
| US | 64.147.123.52:25 | in2-smtp.messagingengine.com | tcp |
| US | 8.8.8.8:53 | mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mx.mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | mail.mozilla.org.xpi | udp |
| US | 8.8.8.8:53 | smtp.mozilla.org.xpi | udp |
| US | 156.153.255.242:1042 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| US | 8.8.8.8:53 | nocorp.me | udp |
| GB | 52.97.211.162:25 | smtp.outlook.com | tcp |
| US | 8.8.8.8:53 | mx.nocorp.me | udp |
| US | 8.8.8.8:53 | mail.nocorp.me | udp |
| US | 8.8.8.8:53 | smtp.nocorp.me | udp |
| US | 138.209.14.46:1042 | tcp | |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 12.166.196.8:1042 | tcp | |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
Files
memory/1852-0-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-3-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-5-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-7-0x0000000000800000-0x000000000080D000-memory.dmp
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\index.ShareReactor.com
| MD5 | e612c957bc8460ec680f9c9fff834a1d |
| SHA1 | d41f2271fd9504a5145c1bd0759100ad823e36ac |
| SHA256 | 5b4ffabdfe52aed83368f5a19dcb8975fbe98bcf7ec0764259d63a7a592b2c26 |
| SHA512 | 941e71590ccc12f9ef90a2100496aa94b61d48d48519e187d52fd1d4c3d94d15a899d95d9dba46ce7e6730d968242c0c190735693f8d665b56be42cbc9b0458d |
memory/1852-69-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-118-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-119-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-194-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-253-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-272-0x0000000000800000-0x000000000080D000-memory.dmp
memory/1852-276-0x0000000000800000-0x000000000080D000-memory.dmp