ramnit | eebbb2f8fe7ae75890893ccf3e4de076cb347cab052b8737f2667742763d0a1f

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
Size

121KB
MD5

181858b30e17871444391ed77dbb889c
SHA1

31463ddc72ea8f3939aef3c1b61580778d8219e8
SHA256

eebbb2f8fe7ae75890893ccf3e4de076cb347cab052b8737f2667742763d0a1f
SHA512

6d7e94b87198afb93b47d626366514c2dd4cd0b9e3ed14c573a0a1b48dc5a2e2c770f3c87f0100be805787c63dc0ed5dd8088812f1191769b63acf1222c00f09
SSDEEP

1536:P8kwilTEhU4HDa1KkjWXUa21mc/Mue9zp:XhlohUEK9ekp0

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

svchost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe"	svchost.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 1 IoCs

Processes:

WaterMark.exe

pid process

2056 WaterMark.exe
Loads dropped DLL 2 IoCs

Processes:

181858b30e17871444391ed77dbb889c_JaffaCakes118.exe

pid process

636 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
636 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe

pid	process
636	181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
636	181858b30e17871444391ed77dbb889c_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2056-15-0x0000000000400000-0x0000000000426000-memory.dmp	upx
behavioral1/memory/2056-14-0x0000000000400000-0x0000000000426000-memory.dmp	upx
behavioral1/memory/636-9-0x0000000000400000-0x0000000000426000-memory.dmp	upx
behavioral1/memory/2056-17-0x0000000000400000-0x0000000000426000-memory.dmp	upx
behavioral1/memory/2056-509-0x0000000000400000-0x0000000000426000-memory.dmp	upx
behavioral1/memory/2056-512-0x0000000000400000-0x0000000000426000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

Processes:

svchost.exe

description ioc process

File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe
File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe

description	ioc	process
File created	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe
File opened for modification	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe

Drops file in Program Files directory 64 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\promointl.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msader15.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dt_shmem.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Journal\JNWDRV.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWSS.DLL	svchost.exe
File opened for modification	C:\Program Files\DVD Maker\OmdProject.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\fxplugins.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\msadcer.dll	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll	svchost.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

Processes:

WaterMark.exesvchost.exe

pid	process
2056	WaterMark.exe
2056	WaterMark.exe
2056	WaterMark.exe
2056	WaterMark.exe
2056	WaterMark.exe
2056	WaterMark.exe
2056	WaterMark.exe
2056	WaterMark.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WaterMark.exesvchost.exe

description pid process

Token: SeDebugPrivilege 2056 WaterMark.exe
Token: SeDebugPrivilege 2800 svchost.exe
Token: SeDebugPrivilege 2056 WaterMark.exe

description	pid	process
Token: SeDebugPrivilege	2056	WaterMark.exe
Token: SeDebugPrivilege	2800	svchost.exe
Token: SeDebugPrivilege	2056	WaterMark.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

181858b30e17871444391ed77dbb889c_JaffaCakes118.exeWaterMark.exesvchost.exe

description	pid	process	target process
PID 636 wrote to memory of 2056	636	181858b30e17871444391ed77dbb889c_JaffaCakes118.exe	WaterMark.exe
PID 636 wrote to memory of 2056	636	181858b30e17871444391ed77dbb889c_JaffaCakes118.exe	WaterMark.exe
PID 636 wrote to memory of 2056	636	181858b30e17871444391ed77dbb889c_JaffaCakes118.exe	WaterMark.exe
PID 636 wrote to memory of 2056	636	181858b30e17871444391ed77dbb889c_JaffaCakes118.exe	WaterMark.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2664	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2056 wrote to memory of 2800	2056	WaterMark.exe	svchost.exe
PID 2800 wrote to memory of 256	2800	svchost.exe	smss.exe
PID 2800 wrote to memory of 256	2800	svchost.exe	smss.exe
PID 2800 wrote to memory of 256	2800	svchost.exe	smss.exe
PID 2800 wrote to memory of 256	2800	svchost.exe	smss.exe
PID 2800 wrote to memory of 256	2800	svchost.exe	smss.exe
PID 2800 wrote to memory of 332	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 332	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 332	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 332	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 332	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 380	2800	svchost.exe	wininit.exe
PID 2800 wrote to memory of 380	2800	svchost.exe	wininit.exe
PID 2800 wrote to memory of 380	2800	svchost.exe	wininit.exe
PID 2800 wrote to memory of 380	2800	svchost.exe	wininit.exe
PID 2800 wrote to memory of 380	2800	svchost.exe	wininit.exe
PID 2800 wrote to memory of 392	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 392	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 392	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 392	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 392	2800	svchost.exe	csrss.exe
PID 2800 wrote to memory of 428	2800	svchost.exe	winlogon.exe
PID 2800 wrote to memory of 428	2800	svchost.exe	winlogon.exe
PID 2800 wrote to memory of 428	2800	svchost.exe	winlogon.exe
PID 2800 wrote to memory of 428	2800	svchost.exe	winlogon.exe
PID 2800 wrote to memory of 428	2800	svchost.exe	winlogon.exe
PID 2800 wrote to memory of 476	2800	svchost.exe	services.exe
PID 2800 wrote to memory of 476	2800	svchost.exe	services.exe
PID 2800 wrote to memory of 476	2800	svchost.exe	services.exe
PID 2800 wrote to memory of 476	2800	svchost.exe	services.exe
PID 2800 wrote to memory of 476	2800	svchost.exe	services.exe
PID 2800 wrote to memory of 484	2800	svchost.exe	lsass.exe
PID 2800 wrote to memory of 484	2800	svchost.exe	lsass.exe
PID 2800 wrote to memory of 484	2800	svchost.exe	lsass.exe
PID 2800 wrote to memory of 484	2800	svchost.exe	lsass.exe
PID 2800 wrote to memory of 484	2800	svchost.exe	lsass.exe
PID 2800 wrote to memory of 492	2800	svchost.exe	lsm.exe
PID 2800 wrote to memory of 492	2800	svchost.exe	lsm.exe
PID 2800 wrote to memory of 492	2800	svchost.exe	lsm.exe
PID 2800 wrote to memory of 492	2800	svchost.exe	lsm.exe
PID 2800 wrote to memory of 492	2800	svchost.exe	lsm.exe

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe
1⤵
PID:256

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:332

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:380

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
2⤵
PID:476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
3⤵
PID:608

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
4⤵
PID:1952

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
4⤵
PID:2864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS
3⤵
PID:676

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
3⤵
PID:760

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
3⤵
PID:828

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
4⤵
PID:1288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
3⤵
PID:872

C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
4⤵
PID:1216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
3⤵
PID:1004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService
3⤵
PID:340

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
3⤵
PID:376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
3⤵
PID:1036

C:\Windows\system32\taskhost.exe
"taskhost.exe"
3⤵
PID:1220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
3⤵
PID:2140

C:\Windows\system32\sppsvc.exe
C:\Windows\system32\sppsvc.exe
3⤵
PID:3028

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
2⤵
PID:484

C:\Windows\system32\lsm.exe
C:\Windows\system32\lsm.exe
2⤵
PID:492

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:392

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:428

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\181858b30e17871444391ed77dbb889c_JaffaCakes118.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:636

C:\Program Files (x86)\Microsoft\WaterMark.exe
"C:\Program Files (x86)\Microsoft\WaterMark.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2056

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
4⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2664

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2800

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\WaterMark.exe
Filesize
121KB

MD5
181858b30e17871444391ed77dbb889c

SHA1
31463ddc72ea8f3939aef3c1b61580778d8219e8

SHA256
eebbb2f8fe7ae75890893ccf3e4de076cb347cab052b8737f2667742763d0a1f

SHA512
6d7e94b87198afb93b47d626366514c2dd4cd0b9e3ed14c573a0a1b48dc5a2e2c770f3c87f0100be805787c63dc0ed5dd8088812f1191769b63acf1222c00f09

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize
255KB

MD5
5f4201095cbe09d7e830777508216eed

SHA1
dd5f76874b874f1188bf4534e92b0793978d8d8a

SHA256
4543d11841b5146c00f7e978f7755ca98231a5f6621f8157d146efc52e1438f9

SHA512
29138e1093a90021db769710d96089f7b85cb6b86bf9778050bf381035b3eaa9ff758d50245882530946a83aa0b4d460c89ac9420da76ac2d51d89a502d3cf09

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize
251KB

MD5
b7c18d9f72ba2960e2231121c8cb19f2

SHA1
802f9e879ab5b8cbc02e92517f24c3fb55dd849f

SHA256
8a74665f6d687dc1caaa92aac3033aef2067ed0c980593367d9a88dd8be102cc

SHA512
609086059fc86a95408d1d6525ee61725ea0f92711c6cc51e3a3840a68892b489a14531e83b044a4161d8e2c17f68031fdd7d68701308929e01d0db5737d7d57

Download Submit
memory/636-9-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/636-10-0x00000000003A0000-0x00000000003C6000-memory.dmp

Filesize
152KB

Download
memory/636-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-16-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2056-12-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-17-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-14-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-15-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-512-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-509-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2056-51-0x000000007738F000-0x0000000077390000-memory.dmp

Filesize
4KB

Download
memory/2056-43-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2664-39-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-25-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2664-34-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-19-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-27-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-31-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2664-21-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2664-733-0x0000000020010000-0x0000000020022000-memory.dmp

Filesize
72KB

Download
memory/2664-26-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2800-56-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2800-61-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2800-60-0x0000000077390000-0x0000000077391000-memory.dmp

Filesize
4KB

Download
memory/2800-59-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2800-62-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2800-57-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2800-58-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2800-52-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download
memory/2800-45-0x0000000020010000-0x000000002001B000-memory.dmp

Filesize
44KB

Download