Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

db85cb238e...18.exe

windows7-x64

10

db85cb238e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db85cb238e72f409ce425e6f7084c41e_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    db85cb238e72f409ce425e6f7084c41e

  • SHA1

    2104a6002bc2ab0b71922c6336e979f85a123265

  • SHA256

    554b6a36340629ea467d107f679e87226f42435e26f49f327a2faee2fdf859dd

  • SHA512

    5f967dc5b121decda46ba5d3bb6e39265f4f13ac5b34f96603874783494c5e32bc50e293c05f10948faeb11763cbe2edecf6d0ac7a8283fc58d88995ce869381

  • SSDEEP

    49152:/XTG77pd3I7UCAVw6WPijpyhwq+VWgzuABzbreCYXIT14Eso:CFFIYHGlUAwLlnT

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax
  • Ardamax main executable 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db85cb238e72f409ce425e6f7084c41e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\db85cb238e72f409ce425e6f7084c41e_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Windows\SysWOW64\DFTIWT\FNM.exe
      "C:\Windows\system32\DFTIWT\FNM.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2320
    • C:\Users\Admin\AppData\Local\Temp\full_akl 3.7.exe
      "C:\Users\Admin\AppData\Local\Temp\full_akl 3.7.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ardamax.com/keylogger/
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4776
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc102046f8,0x7ffc10204708,0x7ffc10204718
          4⤵
            PID:4128
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
            4⤵
              PID:3020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:2688
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
              4⤵
                PID:3984
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                4⤵
                  PID:3436
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                  4⤵
                    PID:2948
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                    4⤵
                      PID:3596
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                      4⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3124
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                      4⤵
                        PID:4576
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
                        4⤵
                          PID:4200
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                          4⤵
                            PID:1972
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                            4⤵
                              PID:2880
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                              4⤵
                                PID:2328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                                4⤵
                                  PID:3256
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14850473564164504240,2761731928094648725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2
                                  4⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1384
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2400
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3772

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                719923124ee00fb57378e0ebcbe894f7

                                SHA1

                                cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                                SHA256

                                aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                                SHA512

                                a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                d7114a6cd851f9bf56cf771c37d664a2

                                SHA1

                                769c5d04fd83e583f15ab1ef659de8f883ecab8a

                                SHA256

                                d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                                SHA512

                                33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                Filesize

                                212KB

                                MD5

                                08ec57068db9971e917b9046f90d0e49

                                SHA1

                                28b80d73a861f88735d89e301fa98f2ae502e94b

                                SHA256

                                7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

                                SHA512

                                b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                168B

                                MD5

                                5135060aacd1737a14bf41606d6df0e0

                                SHA1

                                18d47a586051700ecb92fa728891e65dfeb25649

                                SHA256

                                c054780d35af6f2788027982a5eef86111d5dc3c53c756e9c7ff2d237ea048ee

                                SHA512

                                f9724787864818e2979d7f7b87e7406793f82db8b4fb075472349be4eb4e64cfa738516a3b2c0c2a4266f1fab30e268a2470c5fcdcb6dbe501740e8252da2850

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                b12eab10fed4285a4463f89d7c0ecb29

                                SHA1

                                25dde42eddb78d5a884610b328a6311d4f87f3f9

                                SHA256

                                b4ac8a90933a8e87ee80f1103bc7a5a57a7770e969e130c2490385c757e619d1

                                SHA512

                                fe5f6e5e421689bb727273199d3b8ec50d52d10698fcbb8761fb74d48a801483c6b7d1f39ff979171449805a9e2d209f2545918cd3100b9ab53d683eb66e9947

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                82e392b910febb63efecb02c67b433f7

                                SHA1

                                f671d2fbdbfe77083b1c2419203d3a61c3ace7ff

                                SHA256

                                0f4da5e4e8233e818b71c19799349dd340dd61705146ca4b8fd630e405f2e6bd

                                SHA512

                                74e2469819b67860cfbd2f91376229ae70cb24e0759eeb51cffee87b1b25b49190ec3030e7a4e4135dde609d3c59d152d239ad32f024b22d37f6c644ad435a4e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                1f3b5bb4a93b775c0eb8d30c37577965

                                SHA1

                                b865095ed8427264878743a63bd31257158320c9

                                SHA256

                                6337cac83c1f84499c66b4142dffe085870d7ecd3f50b79c00e80a2bf7183054

                                SHA512

                                51cc8a4f57a08feb4917d8a58a19152b5d9f14eab9ad907a71052e2c2e8947298ae5b1d0b02f94246f5fe1f1810dcd460549d801378b8f890afdf259cbb71020

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                ff8e75c48c1ef77b088b241b53fa55a2

                                SHA1

                                81d9dbbc2f646e83766423daf7ccb827f3ad4e75

                                SHA256

                                594a96bd8a90a994509929e1f8a433ab3c24d5ac4e2ef9daee209fa78a3ece9e

                                SHA512

                                498f7c0fe13555f9b41d9d296836e80ec666a8d7d23c76e9232e46d99d9bd4cd694c1ff0ba8102ac9623442c294d1042b7d4f69e78011b499dbde2afc0d12b87

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Temp\full_akl 3.7.exe
                                Filesize

                                1.0MB

                                MD5

                                1f4efd51cd3b9fa7e1cc7b7652a76ef0

                                SHA1

                                def71ec3350a21ecb16f487c9b39c34b3f8a821c

                                SHA256

                                006c8b3ae6baa951713f9f9c406555fcbb58a5e900d15f33f251d48c8fa3ea32

                                SHA512

                                ea1b8e592d3a04c8c582db33585d588f9c2c5095b42e13baeefeffe836632ec8f47df0024872877754e289d0564291f8117a3ab571050ed98c1d08a19aa2bad4

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Temp\nse84C1.tmp\System.dll
                                Filesize

                                11KB

                                MD5

                                c17103ae9072a06da581dec998343fc1

                                SHA1

                                b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

                                SHA256

                                dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

                                SHA512

                                d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

                                Download Submit

                              • C:\Windows\SysWOW64\DFTIWT\AKV.exe
                                Filesize

                                456KB

                                MD5

                                1f29b1075a91b3da0ccc0b9c49eece56

                                SHA1

                                048e675f087181035aedece9e7b11d065c6355cc

                                SHA256

                                4f6825548b32329c3360ed9abb7c0a6809a2c2291cf0bcaac511a9fa32a6336e

                                SHA512

                                7e152caf055f57f599ecc1e3a404b540b721b3315d2ba16bff6eb21f03edeb3a06ae185621e3139293612d94210f500f098bd281489ca7f336efd8b5284ee060

                                Download Submit

                              • C:\Windows\SysWOW64\DFTIWT\FNM.001
                                Filesize

                                61KB

                                MD5

                                31c866d8e4448c28ae63660a0521cd92

                                SHA1

                                0e4dcb44e3c8589688b8eacdd8cc463a920baab9

                                SHA256

                                dc0eaf9d62f0e40b6522d28b2e06b39ff619f9086ea7aa45fd40396a8eb61aa1

                                SHA512

                                1076da7f8137a90b5d3bbbbe2b24fd9774de6adbcdfd41fd55ae90c70b9eb4bbf441732689ad25e5b3048987bfb1d63ba59d5831a04c6d84cb05bbfd2d32f839

                                Download Submit

                              • C:\Windows\SysWOW64\DFTIWT\FNM.002
                                Filesize

                                43KB

                                MD5

                                093e599a1281e943ce1592f61d9591af

                                SHA1

                                6896810fe9b7efe4f5ae68bf280fec637e97adf5

                                SHA256

                                1ac0964d97b02204f4d4ae79cd5244342f1a1798f5846e9dd7f3448d4177a009

                                SHA512

                                64cb58fbf6295d15d9ee6a8a7a325e7673af7ee02e4ece8da5a95257f666566a425b348b802b78ac82e7868ba7923f85255c2c31e548618afa9706c1f88d34dc

                                Download Submit

                              • C:\Windows\SysWOW64\DFTIWT\FNM.004
                                Filesize

                                1KB

                                MD5

                                a21020ced8a55263e4e6fd82a004c106

                                SHA1

                                78de3d3a9bbc88df5b10cd10822d512bc33043f2

                                SHA256

                                2e9a200005b14ecdc7ba79cfc19ba3fb1779393ca78c02a2cd6e4a6fd0f8757f

                                SHA512

                                ce7238d1afbe2aa800f6c00a95d7f26d6f49d7bbb27f14d1725c6506e8957c06f265a27d45c68354f1680e91666099732de794758653c6514b1b2288f91ad5a1

                                Download Submit

                              • C:\Windows\SysWOW64\DFTIWT\FNM.exe
                                Filesize

                                1.5MB

                                MD5

                                0aaffc12ef1b416b9276bdc3fdec9dff

                                SHA1

                                9f38d7cf6241d867da58f89db9ff26544314b938

                                SHA256

                                42b33dd905c5668c2518a6a7d407fb10c303cfedeaefcd7b6e4c7cc1b891c73b

                                SHA512

                                bbde0986b298c6172e7c8e3f938db9425f54cca097e280736e1ba289afd06a0b86f7cbc91f6d46458bc8e75069c12cda1cf808acf3b6c773b0661d081136ee7c

                                Download Submit

                              • memory/2320-64-0x00000000006F0000-0x00000000006F1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2320-18-0x00000000006F0000-0x00000000006F1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4876-37-0x0000000004500000-0x0000000004515000-memory.dmp

                                Filesize

                                84KB

                                Download