ramnit | cb5ddafe26c70a36393e4ab00856139339372b3e39d0040404b2029872e1bbb5

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 06:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

caabfa7e68320180684ae01e8876b16a.exe
Size

166KB
MD5

caabfa7e68320180684ae01e8876b16a
SHA1

0e76f3e0bb9e810bb182d5f290d409eeb85f193e
SHA256

cb5ddafe26c70a36393e4ab00856139339372b3e39d0040404b2029872e1bbb5
SHA512

cd8dd63b13ad9de79f4e1dd81806eaeef47c3faca0e6148f4fe4a41f5e501d94d504bc7a1b52fd1c458dc3f84ea3db2bd4c12a3bca27469251849e6618f9313a
SSDEEP

3072:SdKFOoL16AKjtBhepmb/uDkSygOW7ApA5Br:eKF/LAvjde6/uQSwQAO5Br

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe"	svchost.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 2 IoCs

pid	Process
2220	caabfa7e68320180684ae01e8876b16amgr.exe
548	WaterMark.exe

Loads dropped DLL 4 IoCs

pid	Process
1304	caabfa7e68320180684ae01e8876b16a.exe
1304	caabfa7e68320180684ae01e8876b16a.exe
2220	caabfa7e68320180684ae01e8876b16amgr.exe
2220	caabfa7e68320180684ae01e8876b16amgr.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-11-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2220-14-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2220-12-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2220-15-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2220-19-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2220-16-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/548-32-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/2220-29-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/548-41-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/548-276-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/548-419-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe
File opened for modification	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\wab32res.dll	svchost.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Mail\MSOERES.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\OARPMANR.DLL	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\CsiSoap.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\networkinspection.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msadomd.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\decora-sse.dll	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpenc.exe	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dcpr.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwLatin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jp2iexp.dll	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\jvm.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\zip.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Journal\JNWDRV.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll	svchost.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
548	WaterMark.exe
548	WaterMark.exe
548	WaterMark.exe
548	WaterMark.exe
548	WaterMark.exe
548	WaterMark.exe
548	WaterMark.exe
548	WaterMark.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe
2676	svchost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	548	WaterMark.exe
Token: SeDebugPrivilege	2676	svchost.exe
Token: SeDebugPrivilege	548	WaterMark.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2220	caabfa7e68320180684ae01e8876b16amgr.exe
548	WaterMark.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2220	1304	caabfa7e68320180684ae01e8876b16a.exe	28
PID 1304 wrote to memory of 2220	1304	caabfa7e68320180684ae01e8876b16a.exe	28
PID 1304 wrote to memory of 2220	1304	caabfa7e68320180684ae01e8876b16a.exe	28
PID 1304 wrote to memory of 2220	1304	caabfa7e68320180684ae01e8876b16a.exe	28
PID 2220 wrote to memory of 548	2220	caabfa7e68320180684ae01e8876b16amgr.exe	29
PID 2220 wrote to memory of 548	2220	caabfa7e68320180684ae01e8876b16amgr.exe	29
PID 2220 wrote to memory of 548	2220	caabfa7e68320180684ae01e8876b16amgr.exe	29
PID 2220 wrote to memory of 548	2220	caabfa7e68320180684ae01e8876b16amgr.exe	29
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2664	548	WaterMark.exe	30
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 548 wrote to memory of 2676	548	WaterMark.exe	31
PID 2676 wrote to memory of 260	2676	svchost.exe	1
PID 2676 wrote to memory of 260	2676	svchost.exe	1
PID 2676 wrote to memory of 260	2676	svchost.exe	1
PID 2676 wrote to memory of 260	2676	svchost.exe	1
PID 2676 wrote to memory of 260	2676	svchost.exe	1
PID 2676 wrote to memory of 336	2676	svchost.exe	2
PID 2676 wrote to memory of 336	2676	svchost.exe	2
PID 2676 wrote to memory of 336	2676	svchost.exe	2
PID 2676 wrote to memory of 336	2676	svchost.exe	2
PID 2676 wrote to memory of 336	2676	svchost.exe	2
PID 2676 wrote to memory of 388	2676	svchost.exe	3
PID 2676 wrote to memory of 388	2676	svchost.exe	3
PID 2676 wrote to memory of 388	2676	svchost.exe	3
PID 2676 wrote to memory of 388	2676	svchost.exe	3
PID 2676 wrote to memory of 388	2676	svchost.exe	3
PID 2676 wrote to memory of 400	2676	svchost.exe	4
PID 2676 wrote to memory of 400	2676	svchost.exe	4
PID 2676 wrote to memory of 400	2676	svchost.exe	4
PID 2676 wrote to memory of 400	2676	svchost.exe	4
PID 2676 wrote to memory of 400	2676	svchost.exe	4
PID 2676 wrote to memory of 436	2676	svchost.exe	5
PID 2676 wrote to memory of 436	2676	svchost.exe	5
PID 2676 wrote to memory of 436	2676	svchost.exe	5
PID 2676 wrote to memory of 436	2676	svchost.exe	5
PID 2676 wrote to memory of 436	2676	svchost.exe	5
PID 2676 wrote to memory of 480	2676	svchost.exe	6
PID 2676 wrote to memory of 480	2676	svchost.exe	6
PID 2676 wrote to memory of 480	2676	svchost.exe	6
PID 2676 wrote to memory of 480	2676	svchost.exe	6
PID 2676 wrote to memory of 480	2676	svchost.exe	6
PID 2676 wrote to memory of 496	2676	svchost.exe	7
PID 2676 wrote to memory of 496	2676	svchost.exe	7
PID 2676 wrote to memory of 496	2676	svchost.exe	7
PID 2676 wrote to memory of 496	2676	svchost.exe	7
PID 2676 wrote to memory of 496	2676	svchost.exe	7
PID 2676 wrote to memory of 504	2676	svchost.exe	8

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe
1⤵
PID:260

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:336

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:388
- C:\Windows\system32\services.exe
  C:\Windows\system32\services.exe
  2⤵
  PID:480
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    3⤵
    PID:608
  - - C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
      4⤵
      PID:1692
  - - C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe -Embedding
      4⤵
      PID:1816
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    3⤵
    PID:688
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    3⤵
    PID:764
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    3⤵
    PID:832
  - - C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      4⤵
      PID:1180
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    3⤵
    PID:872
  - - C:\Windows\system32\wbem\WMIADAP.EXE
      wmiadap.exe /F /T /R
      4⤵
      PID:2340
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService
    3⤵
    PID:980
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    3⤵
    PID:272
- - C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    3⤵
    PID:1032
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    3⤵
    PID:1084
- - C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    3⤵
    PID:1112
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    3⤵
    PID:2052
- - C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    3⤵
    PID:2092
- C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsass.exe
  2⤵
  PID:496
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:504

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:400

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:436

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1208
- C:\Users\Admin\AppData\Local\Temp\caabfa7e68320180684ae01e8876b16a.exe
  "C:\Users\Admin\AppData\Local\Temp\caabfa7e68320180684ae01e8876b16a.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1304
- - C:\Users\Admin\AppData\Local\Temp\caabfa7e68320180684ae01e8876b16amgr.exe
    C:\Users\Admin\AppData\Local\Temp\caabfa7e68320180684ae01e8876b16amgr.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of UnmapMainImage
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        5⤵
        Modifies WinLogon for persistence
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:2664
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
206KB

MD5
8778f6da9b2b4de726f1c6043d8dd891

SHA1
0699591a4610aa76f5b1914d51a098e7d6eaf8c6

SHA256
c46289596653973f22e27a8fa069435b282a59a0d9087082f1a424a235707740

SHA512
83a2a4f9d82706797dca7118f4f49e71ccb7f6ce1db9be5fb3177910d77828e02c791e266c2c0eaf52827051e1e0db339234934f06c35569e5c8fe2a2c01bac9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
202KB

MD5
4de86d81e9a51819c233c97b870e9064

SHA1
88861f85e74a5d6421e202604fa3e44a04a10997

SHA256
b2c3fde4fdfd62d76029e421c1b06e8cbdb3855b22c65a95166804573044b20c

SHA512
50bb7528ea1386c6598900f313f0bb40befcf8027d24399362d0dac929c179d3559c426baa7f744e7ea2e6cf45406fcef428f4e5f3f06e83c742b27ecafd7cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\caabfa7e68320180684ae01e8876b16amgr.exe

Filesize
96KB

MD5
8c51fd9d6daa7b6137634de19a49452c

SHA1
db2a11cca434bacad2bf42adeecae38e99cf64f8

SHA256
528d190fc376cff62a83391a5ba10ae4ef0c02bedabd0360274ddc2784e11da3

SHA512
b93dd6c86d0618798a11dbaa2ded7dac659f6516ca4a87da7297601c27f340fffa4126a852c257654d562529273d8a3f639ec020ab54b879c68226deae549837

Download Submit
memory/548-420-0x00000000779B0000-0x0000000077B30000-memory.dmp

Filesize
1.5MB

Download
memory/548-268-0x00000000779B0000-0x0000000077B30000-memory.dmp

Filesize
1.5MB

Download
memory/548-271-0x00000000779D0000-0x00000000779D1000-memory.dmp

Filesize
4KB

Download
memory/548-81-0x00000000779CF000-0x00000000779D0000-memory.dmp

Filesize
4KB

Download
memory/548-41-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/548-42-0x00000000779CF000-0x00000000779D0000-memory.dmp

Filesize
4KB

Download
memory/548-276-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/548-419-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/548-32-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/548-70-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/548-269-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/548-40-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1304-0-0x0000000000BA0000-0x0000000000BCC000-memory.dmp

Filesize
176KB

Download
memory/1304-8-0x0000000000BA0000-0x0000000000BCC000-memory.dmp

Filesize
176KB

Download
memory/2220-10-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2220-28-0x0000000000050000-0x0000000000085000-memory.dmp

Filesize
212KB

Download
memory/2220-29-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2220-16-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2220-19-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2220-15-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2220-12-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2220-14-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2220-13-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2220-11-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2664-61-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2664-66-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-44-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-46-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2664-53-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-59-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2664-416-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-58-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-63-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2676-91-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2676-72-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2676-93-0x00000000779D0000-0x00000000779D1000-memory.dmp

Filesize
4KB

Download
memory/2676-88-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2676-89-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2676-82-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2676-90-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2676-87-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2676-86-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download