ramnit | f2db305bb87e418623361ca81fc600864d14e270f3b23a4a0248b9ada86c1543

Analysis

max time kernel
144s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53b233c6c23409aa87d7982565849165.dll
Size

166KB
MD5

53b233c6c23409aa87d7982565849165
SHA1

f3b0d0f6869a017892d7838d60fa9738d648d0e5
SHA256

f2db305bb87e418623361ca81fc600864d14e270f3b23a4a0248b9ada86c1543
SHA512

2f2fa21b020fcc3b9f76b2874c74b0a37cf4c7da96dab5111bc3fa481bd767bcd503a476998fc1d0daf5cb5b2b315124c71486ef33325279670eafd55fdb1ef0
SSDEEP

3072:pTU56gVxj27NevROEuPvisOpkTv7L2GQ6uE:G4wRj+qYvW4uE

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe"	svchost.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 2 IoCs

pid	Process
2800	regsvr32mgr.exe
2836	WaterMark.exe

Loads dropped DLL 4 IoCs

pid	Process
2388	regsvr32.exe
2388	regsvr32.exe
2800	regsvr32mgr.exe
2800	regsvr32mgr.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2836-32-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/2836-43-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-20-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-17-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-16-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-15-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-14-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-13-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2800-12-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2836-439-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2836-442-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\regsvr32mgr.exe	regsvr32.exe
File created	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe
File opened for modification	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\view.html	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\F12.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\awt.dll	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\pdm.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\glass.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\IEShims.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\WaterMark.exe	regsvr32mgr.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll	svchost.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe
1940	svchost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2836	WaterMark.exe
Token: SeDebugPrivilege	1940	svchost.exe
Token: SeDebugPrivilege	2836	WaterMark.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2800	regsvr32mgr.exe
2836	WaterMark.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 1708 wrote to memory of 2388	1708	regsvr32.exe	17
PID 2388 wrote to memory of 2800	2388	regsvr32.exe	16
PID 2388 wrote to memory of 2800	2388	regsvr32.exe	16
PID 2388 wrote to memory of 2800	2388	regsvr32.exe	16
PID 2388 wrote to memory of 2800	2388	regsvr32.exe	16
PID 2800 wrote to memory of 2836	2800	regsvr32mgr.exe	15
PID 2800 wrote to memory of 2836	2800	regsvr32mgr.exe	15
PID 2800 wrote to memory of 2836	2800	regsvr32mgr.exe	15
PID 2800 wrote to memory of 2836	2800	regsvr32mgr.exe	15
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 2768	2836	WaterMark.exe	14
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 2836 wrote to memory of 1940	2836	WaterMark.exe	32
PID 1940 wrote to memory of 260	1940	svchost.exe	7
PID 1940 wrote to memory of 260	1940	svchost.exe	7
PID 1940 wrote to memory of 260	1940	svchost.exe	7
PID 1940 wrote to memory of 260	1940	svchost.exe	7
PID 1940 wrote to memory of 260	1940	svchost.exe	7
PID 1940 wrote to memory of 340	1940	svchost.exe	6
PID 1940 wrote to memory of 340	1940	svchost.exe	6
PID 1940 wrote to memory of 340	1940	svchost.exe	6
PID 1940 wrote to memory of 340	1940	svchost.exe	6
PID 1940 wrote to memory of 340	1940	svchost.exe	6
PID 1940 wrote to memory of 388	1940	svchost.exe	5
PID 1940 wrote to memory of 388	1940	svchost.exe	5
PID 1940 wrote to memory of 388	1940	svchost.exe	5
PID 1940 wrote to memory of 388	1940	svchost.exe	5
PID 1940 wrote to memory of 388	1940	svchost.exe	5
PID 1940 wrote to memory of 400	1940	svchost.exe	4
PID 1940 wrote to memory of 400	1940	svchost.exe	4
PID 1940 wrote to memory of 400	1940	svchost.exe	4
PID 1940 wrote to memory of 400	1940	svchost.exe	4
PID 1940 wrote to memory of 400	1940	svchost.exe	4
PID 1940 wrote to memory of 436	1940	svchost.exe	3
PID 1940 wrote to memory of 436	1940	svchost.exe	3
PID 1940 wrote to memory of 436	1940	svchost.exe	3
PID 1940 wrote to memory of 436	1940	svchost.exe	3
PID 1940 wrote to memory of 436	1940	svchost.exe	3
PID 1940 wrote to memory of 484	1940	svchost.exe	2
PID 1940 wrote to memory of 484	1940	svchost.exe	2
PID 1940 wrote to memory of 484	1940	svchost.exe	2
PID 1940 wrote to memory of 484	1940	svchost.exe	2

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:492

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:484
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  2⤵
  PID:752
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  PID:856
- - C:\Windows\system32\wbem\WMIADAP.EXE
    wmiadap.exe /F /T /R
    3⤵
    PID:2204
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k NetworkService
  2⤵
  PID:112
- C:\Windows\system32\taskhost.exe
  "taskhost.exe"
  2⤵
  PID:1112
- C:\Windows\system32\sppsvc.exe
  C:\Windows\system32\sppsvc.exe
  2⤵
  PID:1352
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  2⤵
  PID:2400
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  2⤵
  PID:1068
- C:\Windows\System32\spoolsv.exe
  C:\Windows\System32\spoolsv.exe
  2⤵
  PID:356
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService
  2⤵
  PID:964
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  2⤵
  PID:816
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k RPCSS
  2⤵
  PID:680
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k DcomLaunch
  2⤵
  PID:600
- - C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe -Embedding
    3⤵
    PID:352

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:436

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:400

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:388
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:500

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:340

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe
1⤵
PID:260

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\53b233c6c23409aa87d7982565849165.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1708

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2768

C:\Program Files (x86)\Microsoft\WaterMark.exe
"C:\Program Files (x86)\Microsoft\WaterMark.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1940

C:\Windows\SysWOW64\regsvr32mgr.exe
C:\Windows\SysWOW64\regsvr32mgr.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2800

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\53b233c6c23409aa87d7982565849165.dll
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2388

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:804

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
205KB

MD5
4d3e370d376484e440db15c572727547

SHA1
7eb5d510bbafea70a31622c5841f26ded309e1d9

SHA256
08dd2fd75747dacead8bdfaba1d7925b5fbd7341073853745ad8a8f09bbf23ef

SHA512
2dcbe88edca9dc87e822e871074893b68c0959aefa3757bf7ccb5077bdaa88a0bcd4eab32c56d41d7eb18d0809ac53640c87d1cea10a72b784ed219ea87a5873

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
202KB

MD5
3246f2edfe75ef48829ce761d12031c3

SHA1
ed0439e08d78456cd60703f66a3ad39216c60f05

SHA256
05130b5bce9176083d775f3ca742a78b43292a96e07c83aeb74d24cfe0395c1b

SHA512
0abaf000b564e0e3772c4bd002b5d02f7570fae453260dbeff8cdf2379c51cd9a8882c7c6221d17e5d34673170e0ba0fc3de32bb9db6c6bc7381f4e4af8d423d

Download Submit
memory/1940-88-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/1940-86-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/1940-87-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1940-90-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1940-92-0x00000000778F0000-0x00000000778F1000-memory.dmp

Filesize
4KB

Download
memory/1940-93-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/1940-89-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/1940-72-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/1940-82-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2388-10-0x00000000001A0000-0x00000000001D5000-memory.dmp

Filesize
212KB

Download
memory/2388-1-0x0000000074B30000-0x0000000074B5C000-memory.dmp

Filesize
176KB

Download
memory/2388-4-0x00000000001A0000-0x00000000001D5000-memory.dmp

Filesize
212KB

Download
memory/2768-53-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2768-63-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2768-587-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2768-40-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2768-44-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2768-58-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2768-64-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2768-67-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2768-66-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2768-65-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2800-20-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-12-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-21-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2800-16-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-17-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-15-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-14-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-13-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2800-11-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2836-285-0x00000000778F0000-0x00000000778F1000-memory.dmp

Filesize
4KB

Download
memory/2836-283-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2836-284-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2836-45-0x00000000778EF000-0x00000000778F0000-memory.dmp

Filesize
4KB

Download
memory/2836-81-0x00000000778EF000-0x00000000778F0000-memory.dmp

Filesize
4KB

Download
memory/2836-70-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2836-439-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2836-442-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2836-38-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2836-32-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2836-43-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download