Analysis Overview
SHA256
eebf205aee00f0e41d9880358b55bb605964c6ca6265e24c6d5e8beaf260e818
Threat Level: Known bad
The file 040aa26e340fc21f5592418762f93c78_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Loads dropped DLL
Executes dropped EXE
UPX packed file
Suspicious use of SetThreadContext
Drops file in System32 directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-22 22:03
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 22:03
Reported
2024-06-22 22:06
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
MetaSploit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\globalpatch.exe | N/A |
UPX packed file
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\globalpatch.exe | C:\Windows\SysWOW64\globalpatch.exe | N/A |
| File created | C:\Windows\SysWOW64\globalpatch.exe | C:\Windows\SysWOW64\globalpatch.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\globalpatch.exe | C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\globalpatch.exe | C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe"
C:\Windows\SysWOW64\globalpatch.exe
C:\Windows\system32\globalpatch.exe 976 "C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe"
C:\Windows\SysWOW64\globalpatch.exe
976 "C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4372,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=1428 /prefetch:8
C:\Windows\SysWOW64\globalpatch.exe
C:\Windows\system32\globalpatch.exe 1124 "C:\Windows\SysWOW64\globalpatch.exe"
C:\Windows\SysWOW64\globalpatch.exe
1124 "C:\Windows\SysWOW64\globalpatch.exe"
C:\Windows\SysWOW64\globalpatch.exe
C:\Windows\system32\globalpatch.exe 1092 "C:\Windows\SysWOW64\globalpatch.exe"
C:\Windows\SysWOW64\globalpatch.exe
1092 "C:\Windows\SysWOW64\globalpatch.exe"
C:\Windows\SysWOW64\globalpatch.exe
C:\Windows\system32\globalpatch.exe 1084 "C:\Windows\SysWOW64\globalpatch.exe"
C:\Windows\SysWOW64\globalpatch.exe
1084 "C:\Windows\SysWOW64\globalpatch.exe"
Network
Files
C:\Windows\SysWOW64\globalpatch.exe
| MD5 | 040aa26e340fc21f5592418762f93c78 |
| SHA1 | 96589badd0c65357b28c135a11593307160d15be |
| SHA256 | eebf205aee00f0e41d9880358b55bb605964c6ca6265e24c6d5e8beaf260e818 |
| SHA512 | 849d5b6a98a560786bd1112b5523692b5bef697261c80dd202a3cb498ce81d4d3082f6cac851550bfc3d8483cc21e97ace376524d4b2a50f1e2a8234051834c7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 22:03
Reported
2024-06-22 22:06
Platform
win7-20240611-en
Max time kernel
139s
Max time network
125s
Command Line
Signatures
MetaSploit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\globalpatch.exe | N/A |
Loads dropped DLL
UPX packed file
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\globalpatch.exe | C:\Windows\SysWOW64\globalpatch.exe | N/A |
| File created | C:\Windows\SysWOW64\globalpatch.exe | C:\Windows\SysWOW64\globalpatch.exe | N/A |
| File created | C:\Windows\SysWOW64\globalpatch.exe | C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\globalpatch.exe | C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe"
C:\Windows\SysWOW64\globalpatch.exe
C:\Windows\system32\globalpatch.exe 476 "C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe"
C:\Windows\SysWOW64\globalpatch.exe
476 "C:\Users\Admin\AppData\Local\Temp\040aa26e340fc21f5592418762f93c78_JaffaCakes118.exe"
C:\Windows\SysWOW64\globalpatch.exe
C:\Windows\system32\globalpatch.exe 580 "C:\Windows\SysWOW64\globalpatch.exe"
C:\Windows\SysWOW64\globalpatch.exe
580 "C:\Windows\SysWOW64\globalpatch.exe"
Network
Files
\Windows\SysWOW64\globalpatch.exe
| MD5 | 040aa26e340fc21f5592418762f93c78 |
| SHA1 | 96589badd0c65357b28c135a11593307160d15be |
| SHA256 | eebf205aee00f0e41d9880358b55bb605964c6ca6265e24c6d5e8beaf260e818 |
| SHA512 | 849d5b6a98a560786bd1112b5523692b5bef697261c80dd202a3cb498ce81d4d3082f6cac851550bfc3d8483cc21e97ace376524d4b2a50f1e2a8234051834c7 |