ramnit | 3d08f0194e417a34913be6108bbe460b931c01d5fc18fe63fd8110024442af04

Analysis

max time kernel
150s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 22:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
Size

183KB
MD5

239ba803d903e46e8936c2b2a92a3692
SHA1

bd18239891f9888eb3b6eb773997734dfc3c2f8e
SHA256

3d08f0194e417a34913be6108bbe460b931c01d5fc18fe63fd8110024442af04
SHA512

4db07d76baa5fcceb6b0936a3ddee110ebb49e851ae658ec0a5efa05bfb004134be88957c1d723da261983fe6af872d95470a2abb2191b920adc249ee6862b4e
SSDEEP

1536:YfR8PvYs+zXp171QFL8H05LrMd7foPdSiWDteYBYkx0l5dVFWuA65GWiZNIsV2BT:YTpLRQFm4rMd7foPdSz6kxotwI+2BT

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe"	svchost.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Deletes itself 1 IoCs

pid	Process
2924	cmd.exe

Executes dropped EXE 5 IoCs

pid	Process
968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
2688	WaterMark.exe
2608	refzsk.exe
2052	refzskmgr.exe
2880	WaterMark.exe

Loads dropped DLL 8 IoCs

pid	Process
2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
2608	refzsk.exe
2608	refzsk.exe
2052	refzskmgr.exe
2052	refzskmgr.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/968-16-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/968-15-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/968-14-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/968-13-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/968-22-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/968-19-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/968-18-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2688-41-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2052-93-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2880-101-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2688-1300-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2688-1303-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2880-1306-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\refzsk.exe	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\refzsk.exe	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe
File opened for modification	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe
File created	C:\Windows\SysWOW64\refzskmgr.exe	refzsk.exe
File opened for modification	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXPSRV.DLL	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px14D8.tmp	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\OARPMANR.DLL	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\verify.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jsound.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Mail\wabimp.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msadox.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Defender\MpAsDesc.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Media Player\setup_wm.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEXBE.DLL	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\verify.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msader15.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\prism-d3d.dll	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\penjpn.dll	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipres.dll	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2688	WaterMark.exe
2688	WaterMark.exe
2880	WaterMark.exe
2880	WaterMark.exe
2688	WaterMark.exe
2688	WaterMark.exe
2688	WaterMark.exe
2688	WaterMark.exe
2688	WaterMark.exe
2688	WaterMark.exe
1100	svchost.exe
2880	WaterMark.exe
2880	WaterMark.exe
2880	WaterMark.exe
2880	WaterMark.exe
2880	WaterMark.exe
2880	WaterMark.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe
1100	svchost.exe
2728	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2688	WaterMark.exe
Token: SeIncBasePriorityPrivilege	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
Token: SeDebugPrivilege	2880	WaterMark.exe
Token: SeDebugPrivilege	1100	svchost.exe
Token: SeDebugPrivilege	2688	WaterMark.exe
Token: SeDebugPrivilege	2728	svchost.exe
Token: SeDebugPrivilege	2608	refzsk.exe
Token: SeDebugPrivilege	2880	WaterMark.exe

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
2688	WaterMark.exe
2052	refzskmgr.exe
2880	WaterMark.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 968	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	28
PID 2172 wrote to memory of 968	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	28
PID 2172 wrote to memory of 968	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	28
PID 2172 wrote to memory of 968	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	28
PID 968 wrote to memory of 2688	968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe	29
PID 968 wrote to memory of 2688	968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe	29
PID 968 wrote to memory of 2688	968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe	29
PID 968 wrote to memory of 2688	968	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe	29
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2688 wrote to memory of 2500	2688	WaterMark.exe	31
PID 2608 wrote to memory of 2052	2608	refzsk.exe	32
PID 2608 wrote to memory of 2052	2608	refzsk.exe	32
PID 2608 wrote to memory of 2052	2608	refzsk.exe	32
PID 2608 wrote to memory of 2052	2608	refzsk.exe	32
PID 2172 wrote to memory of 2924	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	33
PID 2172 wrote to memory of 2924	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	33
PID 2172 wrote to memory of 2924	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	33
PID 2172 wrote to memory of 2924	2172	239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe	33
PID 2052 wrote to memory of 2880	2052	refzskmgr.exe	34
PID 2052 wrote to memory of 2880	2052	refzskmgr.exe	34
PID 2052 wrote to memory of 2880	2052	refzskmgr.exe	34
PID 2052 wrote to memory of 2880	2052	refzskmgr.exe	34
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2880 wrote to memory of 2496	2880	WaterMark.exe	35
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 2688 wrote to memory of 1100	2688	WaterMark.exe	36
PID 1100 wrote to memory of 260	1100	svchost.exe	1
PID 1100 wrote to memory of 260	1100	svchost.exe	1
PID 1100 wrote to memory of 260	1100	svchost.exe	1
PID 1100 wrote to memory of 260	1100	svchost.exe	1
PID 1100 wrote to memory of 260	1100	svchost.exe	1
PID 1100 wrote to memory of 336	1100	svchost.exe	2
PID 1100 wrote to memory of 336	1100	svchost.exe	2
PID 1100 wrote to memory of 336	1100	svchost.exe	2
PID 1100 wrote to memory of 336	1100	svchost.exe	2
PID 1100 wrote to memory of 336	1100	svchost.exe	2
PID 1100 wrote to memory of 384	1100	svchost.exe	3
PID 1100 wrote to memory of 384	1100	svchost.exe	3
PID 1100 wrote to memory of 384	1100	svchost.exe	3
PID 1100 wrote to memory of 384	1100	svchost.exe	3

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe
1⤵
PID:260

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:336

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:384
- C:\Windows\system32\services.exe
  C:\Windows\system32\services.exe
  2⤵
  PID:480
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    3⤵
    PID:608
  - - C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
      4⤵
      PID:1316
  - - C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe -Embedding
      4⤵
      PID:780
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    3⤵
    PID:684
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    3⤵
    PID:756
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    3⤵
    PID:820
  - - C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      4⤵
      PID:1044
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    3⤵
    PID:860
  - - C:\Windows\system32\wbem\WMIADAP.EXE
      wmiadap.exe /F /T /R
      4⤵
      PID:1412
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService
    3⤵
    PID:972
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    3⤵
    PID:304
- - C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    3⤵
    PID:1060
- - C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    3⤵
    PID:1080
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    3⤵
    PID:1160
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    3⤵
    PID:1740
- - C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    3⤵
    PID:2056
- - C:\Windows\SysWOW64\refzsk.exe
    C:\Windows\SysWOW64\refzsk.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Windows\SysWOW64\refzskmgr.exe
      C:\Windows\SysWOW64\refzskmgr.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of UnmapMainImage
      Suspicious use of WriteProcessMemory
      PID:2052
    - - C:\Program Files (x86)\Microsoft\WaterMark.exe
        
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of UnmapMainImage
        Suspicious use of WriteProcessMemory
        
        PID:2880
      - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        6⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:2496
      - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2728
- C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsass.exe
  2⤵
  PID:496
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:504

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:400

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:436

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1112
- C:\Users\Admin\AppData\Local\Temp\239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\239ba803d903e46e8936c2b2a92a3692_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
    C:\Users\Admin\AppData\Local\Temp\239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    PID:968
  - - C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of UnmapMainImage
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        5⤵
        Modifies WinLogon for persistence
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:2500
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\239BA8~1.EXE > nul
    3⤵
    - Deletes itself
    PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
183KB

MD5
1ba2881031567971eae1d7f3c82d6a6d

SHA1
2d605d0ea8be26ce202fd6cb2d18c5cf7b122c2d

SHA256
d0324d6562b6a4ace95e8667c2f78d3162f6a359cc86891d251eb0056853a185

SHA512
59b8e31a6a2b4049a5cfa9a6ae5fe7fbc378c78301478d015b8e4127facd7ebd78b18e8d68aa8c529ea5a6614cdb7618cc0cb1d13d71335ed0cc4ce003e19408

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
132KB

MD5
83831701f479b2f45deb006bddfe6576

SHA1
4247d949b4a45eb9b1acb25266380ac73ed02de7

SHA256
89ee6d739f7f335a0bc0cc60959d39736883994501afb58a99d44e52e3bfc947

SHA512
3248bad5f89bfe54cfa4cc8f53c3b5183e005910cddaf7a00f1e5cfcebb0d8d7de6c9cc4eb7a512ae4f316a3aad10f610e0b3d09a25f588483d12682d5eaf724

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html

Filesize
232KB

MD5
b2a9900badab5e6c8e2f9dbf4549a3ab

SHA1
89ef84a3dfb0d9093e50b271a514bb2c7d6267d4

SHA256
b4a28851a63c981a557d2abb64795785741d4ed37a74a755a30f541165accd1f

SHA512
0f6146c4b7f84cdc2949b7b225ddb584229d0ca69b48eb1254e504c4f967fdf0217cbb2037b98bba69ca845575e7dc4d9d3f32804e546fd272a74338d4c53e76

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html

Filesize
255KB

MD5
dda417a251441bd1adecd92ff042be6f

SHA1
67151e38481b957a3ffc72c3da5b20d72a6dcdcd

SHA256
69d157999c8fbe07e2b55f03205096a7f51c02aa71aeb3426ccbf1d684d2e2f3

SHA512
0a1d5166e42626d461230f426d06b8701f58d57ea26dd3fba0c4b106e5190a60f09741affbd63f6800d419b10b1030c72c0ceb19024745673467d474c17a2941

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html

Filesize
232KB

MD5
c78128c585f3239ced5ccf5afa521a0d

SHA1
5f72958c1b2652e1c91f0a82f64c089883c2133f

SHA256
73cd3bb53e3c2a2c0a4954dbc0ff68543dbbf3c8ede82e44e7c8f1494b9d31c7

SHA512
c0362e67ae3887ffd7985e49cfd63720152f11ff9a446e9b53cb233b879e56296bf511f209de465e828a9314c77dd1c2dd8563deb09811d296c969c2e52ea294

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html

Filesize
233KB

MD5
e748309e09dc1e5b5c0bae953bec5ed1

SHA1
e8244bfedcd6bfd4e96c3f39c3f26f513996ba53

SHA256
2933140c172bde8d61bf2ab5ea245422ec3ee651d4c7ce870e56137eab29bfcc

SHA512
d5e0f652979a7c9235785ce86a57fc756c92a447327685387da03357a0c26349c103c9050e2af9f8d03f640f1e0f39e9430746d609bd2f4f6f78bf6951532589

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html

Filesize
248KB

MD5
884d62241ebd01bedee7a0a847e94a7a

SHA1
d75b4b59b4313271e8dc724349c9f779ac8d1c0b

SHA256
3c9d01e5b2fee1a8424f873aeb4603afae2711b33326487135cb0e7750666f21

SHA512
1eb3e82c5a7635a775bd19f444550a3fd6384508aae703cbca40256ed2415ecbb2fd5bdb075d7d911f2781b787a1879870f7d8a300d51a2d4ebbfc3e448066f5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html

Filesize
238KB

MD5
1b01cb7d05cf64c15298bd884b591dd2

SHA1
cbf2a594b70b761566bb2a00068b79dfd77159e4

SHA256
164e64973c6b5562f6527116dd41abd7110c75f3207ed913fe69fd44d95a8e19

SHA512
316523392201002b0e9b36059c44e28d54dc820ff20dbeed2f90adba263254d982e2d69a09e942401c60edc441778b541d2f60daf3a6fb84d2c187bf0820dda2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html

Filesize
233KB

MD5
43c5a77e8599684de6070c94b9c4ad7b

SHA1
f789faf674e90316e0b570bacc4f6964f9fb8670

SHA256
bb8e027641559f1936b392ba5d5ea1d961d5f63f8aefbe344d1e545ea598030e

SHA512
724a283096d5305d202f7437cabf7975c4e9467e00ddc588771363e1c53f04570405865259b7526c52b9f3b06fe5bf0bdca1e3618116a04c20b91d89a36cceb2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html

Filesize
248KB

MD5
57d93b1d08eb8061a85ec872d1a177c6

SHA1
5692c9fbd9a05e02bda43d90a72f6792d1a90c3a

SHA256
8b5553d30e374be66926fd2e6ee3f7fd2f16e2420f9054c5729357d72edf70ab

SHA512
576e6acb7a1bed422cfde8beeafdd907d5e999191f1d7fbc1e95a0193231793e99381dd361fbcda34df09880d3a69f73c7393d47cbed9160051d2cd3f8cb291c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html

Filesize
238KB

MD5
7e3d6505233d679eea9feac61a655613

SHA1
1e304e2ef0f0be4c6d6fadcf4513474979e192f6

SHA256
b9e29cb57b4fc075e3554308e65a3410ba3569e0ff6b44506ae13d0f52ca2611

SHA512
f0e984761e90ea228e9abad9a6c014524d3722e83422f7c55250e0b8b2524e22daab34ff79c39a47dd3e853def35dfbd9d92f1f7d461107dfd34eec43106424e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html

Filesize
244KB

MD5
1c5478cea04a2b4d8571f4c92738dc2f

SHA1
a2ededc906ec08a6ed174978b114c78366ad488b

SHA256
407d1fe1d75f031404c0597e380e0036f75c056350f472edb3fabf89e22d641a

SHA512
6424e9e261433389d5df815ac81e707a5b94ddaa4d64f177af8473afef89a57e2ddfaf81dd90945b0b5af509fc58ada5d1da2ae92fc8bf858ba725c17026007c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html

Filesize
240KB

MD5
74bcdd51c0dc7f9bce868bb6381e38dc

SHA1
f82de2564bee43c81e193e050e1d9410566d0697

SHA256
4f88f5de97b29b92c0567f516bb958ab2c53f02904f5da1a4fef1c2ea9e7daa8

SHA512
0e70a28c9acfe902817d65a633a8d5f443ad2e2a3c05eb84c8dc506007ef1c80fc40cf84449f8873fd7df61555ba489faacd94fd273c4ac17aebd1ca6d464480

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html

Filesize
233KB

MD5
8208e5c439e75cbd076c50b173cfdbdb

SHA1
96099c5d86a96252b966be904cf2a19a88fed208

SHA256
c0d6b5debb1a6efacfd9b5bf1b06dba8d6cb6a01dfc2c4c4055c2ad6aeec4b49

SHA512
e612193fb1ef7dd4fa404f465c04357af6c270287af9a4b9469bec354a02a3cda9942f2ee36c012279f4cf0c8c63f19962d257f93887041a2aba15a49dda2ead

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html

Filesize
244KB

MD5
b2f76ecc595a7d4b4bc7ab887d985e2f

SHA1
03d0c6f8bd7f42f8bc59ef5082bb38f5ae8f0107

SHA256
7f61750b8d2ef12101b3d636ecf9ba3327ef6c52daa8c351a7999477a1fba294

SHA512
87871e312a2254059021838ffb667c64bdf6500ccfce09d4ff624ad5ba22179289ababf2e08c82aeb52e47622ab5e13b12c34a627a9393aa1dfd59418a143f9d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html

Filesize
240KB

MD5
83fd2092730b3b430ba276a518e2438c

SHA1
91d953892432b90ff2d2e6fe5f7371b1037e5653

SHA256
6baa69a9a8ed3663fb7cad029e1dda3c83d33d66b30c0702a4144660e539b19a

SHA512
3e17b6a14e7cd8728bf68f87b2ec21ed694423219437b01375ad615f383f8cc284507b552150208000cb800d37dc9ddc06237ed62e11a5cc7bc48e12ffc2819a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html

Filesize
233KB

MD5
a4b4a89e52f25a3f6fc4399afad12446

SHA1
b6d252e70e111145c5658e5fd7980f7039b5e199

SHA256
073fb4786ee33b8cce949fe8e1ad04dffdef005f69e02ec28be4d52fd04e51d1

SHA512
03738efaeffbe3d00a7583c889c73f420391308b076260eb938e8438d8eb413f17a49be423f1799f19e3731b62a3a821c1ed6837042abd6be234edeb2af07e7d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
244KB

MD5
d70aa21f172e891b0550b6e9a0fc3e95

SHA1
71b86e8989607ba6285ab3f2ae99449da96911d2

SHA256
37a4752110dfde73d1806c20f0b17c05edc70b8d0fb671936f47deeae6eee225

SHA512
7374ee0bfb91b60de073107c8e9117153bba64a5509395c819933676581b8c2f7d2440b6364876bd44a0f2d6bb9e150efd6204d7f5d57de77fb59dd8d484d48b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
240KB

MD5
4caebeaadb6c88947d6982a3efb4b4dc

SHA1
01f993c2d8fc04598a2c6fae46d1bed0c53711e4

SHA256
ade729fbf367165db04c1f108150e2e846598325582889658f3209edba5875ea

SHA512
94f3f4d0df8caa7a3fde76d075b5dca63aad727b810462cf4973aefae39952dc4d94c6bfb284e82cd2209f1e2abbecf39269e49a140f7357480250a439cc346b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html

Filesize
247KB

MD5
1278cc301cbe5ed1edee82c3c693cd2a

SHA1
225fc4a9cd166a76c6b918441ec4c833519dd8d2

SHA256
d832aafca2e82798d03f158ff0f22602544fbe57cf5600275fd49c43f35023e4

SHA512
a9ecdf05c6ab8ec0fa9825e2e239db8cafa790ead24c1a176cedda2d1a8a1235dea595522801577558e5ca41c9440dbd1ae7ce85da006e6c858bc029cfca4f41

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html

Filesize
244KB

MD5
71fdb4bc41b4c4f923a05f4b5d8db28d

SHA1
75f3dc0f5dc777b6f528c3ebbeee73818d93cd27

SHA256
ebffa6e1f5403ef004b595b4cea1c3b26b248f8be89abb89773c82ad191feb38

SHA512
e33164bc09fc999c5e9eaca9083a710293c22cc6b773c6397ad0036e37bea808ca9bbebe554c803a5a785115751099d2b9a9c990e7afb6879105f2e69c5bfeeb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html

Filesize
240KB

MD5
9afe1345b0632f215ce951baa1093bc0

SHA1
9d41ea4841fe3e74d8c0c92572da1994ada9fd5d

SHA256
fb2a766cc26fea44667ca96df82e5dea03edc15efa3754ec9417a035b24a48d4

SHA512
4bbd279b3ba4e7a8ad28135e96f6b87d62644a939cc14806c879a4c382e877d5d5e134417961b79c190349a273376211c40a3d47d0f7eba532ec154d59e21896

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html

Filesize
245KB

MD5
c68f1a0dbda1c10417f42bdc9c4b7ee2

SHA1
db44538c48a455c34051da685124c4d18367e748

SHA256
11fc40605052bb7824d24f32e07ff82d5ced734fad7cf6f3dc3eac4f4bd6a9f0

SHA512
7260104be64b459381550b2e3612f868411f308c2bb0d66ff51e8cd49eda3fc79742d8219f9400c1cf1c926285f5c08d380f15f5c63aa31fb5d6fafa408d4f85

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html

Filesize
244KB

MD5
7370712a4861c7d9db2fb81e9f1a13af

SHA1
d9a5f37f272dc819fc075c728d0fc73e6291389f

SHA256
50ae60a77aafe44c019172f2f756e9f1219aa06f662891c9525168f2b3ae8e53

SHA512
7ac9a721850a66be10c0ccc603cf13a59ad8a20e462b9f9e1f1fa692862958b3040ba797c0b408dd68856703493e8654d43cbea33a933f58aa14f426e7dba9ad

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html

Filesize
240KB

MD5
a3b6f8dd4d0dcd9d3d6ff23fdfeb5c8e

SHA1
df22abf220f4725f9ebd847b89e06dbcb0a7b387

SHA256
4d705c228110e9885c2f9f6bc1563fb4028effaa2fae32decde4eceb15b25b7d

SHA512
ea46620a40fcc3e9c1d229c29bbd7851ecf00926db2f1c7d9dc8f5b125337be3998e726867f3980cff6e721974a189145f0b2801b4cc2a7d3916a5189b4a0203

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html

Filesize
246KB

MD5
4a402c1b4cbb8e2d164286e6847e4771

SHA1
06d432b96fdebcc381677a430058167523b019f2

SHA256
9fb3dde7bbd6dc662161f9c752aa1bda005188e207d5137d3c35e0d57451820f

SHA512
5986bebce7f9f8879ad5113bf7c84bc5f8925395caa04f710b4c7c3681b5d440e456f4bfb98fd4d69512f664399ca21280073ee8f14790a545d09452460810d1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
244KB

MD5
364c9f63f1a61661bcfed086d9a374c2

SHA1
fecc47a1e6f64baff0517da85346167212e3af6c

SHA256
135dc60ec631f0ed028f4e6d040a2a61d4c673d1c766656e901e47bd02e3182e

SHA512
3b64d97e4f35a581d7d294f385f8751dc0a84032351421b039f168d41d082d9459fb1ad42320fdf26630e9cbd5135d4a162781c5f65f32bdf624f94f584f283c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
240KB

MD5
9fe0c2b53347667a2bfaf02f7d73ec56

SHA1
7cca57e7f3531356470fcae46582be1c01e5021d

SHA256
fc7c80ceb98f28f5ee14ff2d531809f67201cf6efd7f0c57fc807a41bdc29e60

SHA512
ea40046fc5cd4478bd8d22366c91c4da49533c6401ed472a46e074d58151201075cc8e79a9990f838cd182ea2b6a9644a29aacfbc3b248466e05f7dee149323c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html

Filesize
247KB

MD5
76b9b7a1ff24c5deb734b005ebd1311a

SHA1
2774578324cc76728462f8edf9fc1d37ef7f3c91

SHA256
2e1b03d1699d1ec041695b2737f28ad3b60939f696ca737a4b6627ef19bfe594

SHA512
474e2faf747ede97fc0bc809cb5c900adf24abec19eee8f67d8a2d5d6a58c5f2877063c5c1238f69eaa00b8100ce0a5ef6cc2a7684307599df6025374237a518

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
244KB

MD5
8c20ffbe78b13995d0f151cdd8276c7a

SHA1
0f4c6da3ad56577c17945a4b80965eb6a69ca0fc

SHA256
dae98b8941acb7344b1572858deec644b81bdfb6d003185eb6d4a50c340ba203

SHA512
996e68361135e2c1f5ca2edb1abc6d3350c2f04d274ba77b34ec863bb717ba655f9567e0f177661976997ff49a04b110704b0f179659db8085fda09a64ff47c7

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
240KB

MD5
6c6b17247fd021350e5336ce7f189d06

SHA1
316c35d9582513eb90d329098723eee582b50fc9

SHA256
18850f0f29764090035a7ce4b0fbecb88e3d454593c994af2c02dc40a403e3e1

SHA512
349d179b73f2fa0b05faea968770c073939e1f0cfd2a8677413d4159ee978c516146139309db9352b9237d426186233d19bcb712a9b381455e068e1d62eb0df2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html

Filesize
244KB

MD5
c54a4107bbef3bb7500fd877712e2782

SHA1
0c77ef7fe25411af7af37f8ea5dcbdbb17c3f17b

SHA256
e8db3a05e5ec90482400adaa8810fedf5a2f1a94f6ec39b709d5013c5f24616c

SHA512
1978fe185047521221f18e5f1c4ce18c149bbeb826f49f653aa475a4b956d84de93e5c394edf65cde2ee464c6e8237064302831fb62f8fc9d5358b1ab8efecab

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html

Filesize
240KB

MD5
0dbe7e92d7840b2f74bffbcb269a59e4

SHA1
218ad392cc2e4e7d6c705fe170dd313eab082137

SHA256
65396f5653f4689b1252e1c0eeabd6eba2c32642c568362b950746e6b0fa87fd

SHA512
f5e78d0708c080532e51755125a5d3142dad5f08ef9f15a3f7626f3af0cbfc0d3f62d1d79054b95ff9b8c1bf0b16c481478cab1b1d5148e3ee00cea5e02c6429

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html

Filesize
244KB

MD5
22697bd0f62d865da75f72ecabf85de5

SHA1
c49beaed95ea80342211afb9073b39c7e6a9a253

SHA256
9382f52e1031f5686936297040e0e40e9febb95ca7e1f71140a1a63d525d5faa

SHA512
27d7702ee524b63e8e7fe93888e66a01b38b0455f3221e7f9b6c8a565cb2f3e0a0a1f97cc58b10efb226666ce82676a1d72cfb58b00666ba99028a28aa904e20

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html

Filesize
240KB

MD5
581bfe6703b1cee15313ec0dda01432a

SHA1
1906504c8c8a7e2438b31ff58b8ba5d20bad2c65

SHA256
061d6ce17d338dfe6af7b339ee1b3dadf18dbd19061f61791dd3234e5a547e22

SHA512
2acb8279caf2fb69c5be28edce6cc30e0ba25d17a53c5616329da1977c4c9a7cd0cda71ef292d9fef7d09e41e28b3adc5cb31de80f1a8cfa84ca5d23cd741d8f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html

Filesize
244KB

MD5
d632fa9281e3d4f92b57df8c5b7ba764

SHA1
6c040a9fbff6b1ac531e1d7804079334fc73063b

SHA256
f4cf94f91ac0bf7697f312034aa7985781f5b7c9ad8473d1275a97b30e11da5f

SHA512
78765729451ce823bbca9122677891b30e346cdf2b6f0d6edef1a313f00715f39bcd5f2a85792289cd565075fabd085adf43252d6ce41a23d8af7ce0dbdb8476

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html

Filesize
240KB

MD5
48b5a9241f5cb4ee264c583bde920110

SHA1
44a528c63bd10d64d99861ace86d86c7507e8025

SHA256
3561133ed5727dee746e0d5e8ddc0a1ce22256e7dd2495d650d93da98654be83

SHA512
da7ea97a9ad46a020e3af7538bda35af6bdc7e9f89821814e6d98374af38cdc424ffc1587e4e8ad2aac21a38a4ee3b393427bc27153534e4f4346e2ffed0de6c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html

Filesize
244KB

MD5
dd162fa031260b93c7f5507f613a81d8

SHA1
7daffacea07e5e2589f70f3ce0eca9270b85f597

SHA256
836dd07cd59f3c744ea33def174b9a3d5aed034c91343c8bf36ac7cf0813faab

SHA512
dc78b0352b670a4be817771f1998bfe2316e63792fbbe8775cc1c2ea7369714bb1dcfd9189e149deecba99416f5d65c817ad4d491ac77c2c91ea212b8b3ca011

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html

Filesize
240KB

MD5
8c08b284f492467754c770b445b76f29

SHA1
6e6b7efc72629590611893cb0378d59ae95cd964

SHA256
bea43f846e6d94335a1301bb85add6798681fb8b1d2b28880ed880c11e5f5ebc

SHA512
66511deaf16c84b2e4bc92ad6b6cbc0be00dd5992c10386f69d0700a5003b5df5270b9bdbafe211a687f9b5cb30fe161338af49ad5a436287b3f49ecf1c8367b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html

Filesize
244KB

MD5
37ebdf466755bb88b1d22f90610803ac

SHA1
173c283618a00c8594d03e72b5cb83aed9f687f7

SHA256
79ac82f9c21781e9e54c167d7406e9291d910a541fda4404d68b5e317ae7e08a

SHA512
b15a6b6a69b7bd49c26be825e3a313fac29702c99bc5f97c9f7af0fa14eba72c64723b4f0fc3cb6929ef8fedcb0823fab426ff4630583c66741b668857237efc

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html

Filesize
240KB

MD5
dcf7ced85f0392b2fda647f995805fe2

SHA1
cc9ed16ea2de51f64790768843c7f4006d0b0c1e

SHA256
7b3149c61bb1d01c550f67dc694cabe78a54d1a6ca1481f997ff8140d63173d4

SHA512
fb04098f110e97d40d3e10e7683a55daacf4055527d4a8cc78fd7c1a0a38e9bf1c384764fbde34fc488b4598150773980a84a77d19585bdf50e8509cee0b314c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html

Filesize
244KB

MD5
d2ffded22abbbab6957497d6fa467d8e

SHA1
915c5c075d75978824a201082c9835825a552304

SHA256
b288cd8b97387d2b95f6214b816db03ae4313ef4711d89b0bdfb83e8d9256671

SHA512
76d76d3e96fd5f98e582c67f52c354c7b364ae633f653cfd205b7e9343187a86f94c848fd3e0b57323f13fdd071ab607602493fa32f99b7cb4528150be5f8e80

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html

Filesize
240KB

MD5
a17911eb9d6ffe5f4d5bd2aa0b6248da

SHA1
f98613ecd1c81cc7fe6605a18da0c8a273de4320

SHA256
fd4f5594772b93a528539dd90d27767b8e89bfa6bd2f733eae110615579ded52

SHA512
3e1c11b22b0c3888220cf47ffad15bb04dfad2ff19a215487c8084c37d46650603445ff4cd0f4f00ea535cf4bb7929306a5639c36cd2a69ab4693d386cb9fa0d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm

Filesize
238KB

MD5
32260895133b7f06229ed1f3df0d3f1f

SHA1
3d6a7f1cb99c443391ad403dc33d2bbc109b92fb

SHA256
cd68c46b2cee7e94d0a9f377613439794a42d956fdd43fa2a1ec7ebd3ec0a7f2

SHA512
6081bae9b9638c65fbd9274a868a28eb391d8a56c921a5bf8328c66981d85fa896b468b2826922443d718d1e6e31c318d45ca4d6d9d4f3ccb9d778b9be6d90e6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm

Filesize
234KB

MD5
bcd21d9570372f88d128019c2f8f5ee5

SHA1
f59ca96b2be9fd44df5e5f3277766cea23bc2c04

SHA256
a201cca48f255a20649ffe20e6edef98d9696af25233758d2879d2073ab6ac00

SHA512
64a31b971b52802dca6b3d8fdc5baaa59094788f65287d2f1d7e2d48089a0fbde7490e77e60c088146233885b3603afdb0970a275b648e380230117d4a4d57b2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm

Filesize
243KB

MD5
27130fad3a7738e47a4f3c967c9f56d7

SHA1
8d96ed98a54c2f6c85988486f89802215a5c4af5

SHA256
bb785311da6b27ea9e28c782aa5bb59bd3d5ec865892345e4fc6b5b4e3443a8d

SHA512
1c09c244a25f29555225c4f1c3c0a9bc356c2091c5fb0fddcd1fd597465e977a17d339ed702e093ac6b8e474ea58c0aecc5517e3f92c36a5ab9f034b6721f54e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm

Filesize
238KB

MD5
d21bea4f3a445362ffa506da816b59b8

SHA1
8e50e7a83f7fc94c9a9b65b7eaa0993f280898dd

SHA256
c6a4c98c7a8e4aea8f1976cd82983064096733e036d451c6c6acba7d4e7d3da5

SHA512
f42a1b0b7fa6a4e73421460348424c5b15e9ddd40a4767249af37850bea5169f712b6fd0f51c2c74f8492312b146b3d93e4a24c7534689a71df56d02f96c693f

Download Submit
C:\Windows\SysWOW64\dmlconf.dat

Filesize
16B

MD5
a6f4c6c8f0f7267136086b09affc2eee

SHA1
22bf1aac8f63a7a807f17f7813059cd5436f298a

SHA256
80e7cbe2f69e5da12ef479f133e99c828acd5886238fe5bd5daf2a12c30a54d7

SHA512
001cb61dac5d4181f26961825c539d07c809ef28d4d5ddd46dad3740c06790aca1c0001b5ba6fef85e9aa177d854320df4f368fe4c7e53d7bc0fa9fadea09f3b

Download Submit
C:\Windows\SysWOW64\refzsk.exe

Filesize
183KB

MD5
239ba803d903e46e8936c2b2a92a3692

SHA1
bd18239891f9888eb3b6eb773997734dfc3c2f8e

SHA256
3d08f0194e417a34913be6108bbe460b931c01d5fc18fe63fd8110024442af04

SHA512
4db07d76baa5fcceb6b0936a3ddee110ebb49e851ae658ec0a5efa05bfb004134be88957c1d723da261983fe6af872d95470a2abb2191b920adc249ee6862b4e

Download Submit
\Users\Admin\AppData\Local\Temp\239ba803d903e46e8936c2b2a92a3692_JaffaCakes118mgr.exe

Filesize
115KB

MD5
0a745aeddb83ec4d137dfcc0f3d1ccad

SHA1
bc9f3298a33b71a6a26dc56408eca55d313800ab

SHA256
d28522f5a1bdd4cc70d29ce457e9bfcbb75d6d5fd2537ff15877ee2a502dd907

SHA512
85be6d620235ac9447ab8a65055cbf4d29ef0b6dbffc5d38bfd35071c26622fd0c48729daf4323d7c58e34b0204ba131792b40c9ec38bb4a597f5693e5ba2eaf

Download Submit
memory/968-22-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/968-13-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/968-12-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/968-26-0x0000000000050000-0x000000000007D000-memory.dmp

Filesize
180KB

Download
memory/968-18-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/968-19-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/968-16-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/968-17-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/968-14-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/968-15-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2052-93-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2172-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2172-10-0x0000000000220000-0x000000000024D000-memory.dmp

Filesize
180KB

Download
memory/2172-11-0x0000000000220000-0x000000000024D000-memory.dmp

Filesize
180KB

Download
memory/2172-90-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2496-117-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2500-66-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2500-64-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2500-59-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2500-46-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2500-54-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2500-67-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2500-65-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2500-1807-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2500-44-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2500-69-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2608-68-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2608-80-0x0000000000440000-0x000000000046D000-memory.dmp

Filesize
180KB

Download
memory/2608-81-0x0000000000440000-0x000000000046D000-memory.dmp

Filesize
180KB

Download
memory/2688-1300-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2688-53-0x000000007766F000-0x0000000077670000-memory.dmp

Filesize
4KB

Download
memory/2688-1303-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2688-41-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2688-42-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2880-1306-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2880-102-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2880-101-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2880-100-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download