fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
Size

602KB
MD5

23aaa50b23c1463d22d8576c300c90ee
SHA1

32c3cbbcd353683824cfa05bf0abe8a762c35665
SHA256

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed
SHA512

6fe645e38e7fdf6d039bcb5ced5909cb04cba71db66c973365a26b1dffb5d758603e9ffed94a55e060404d27bcca9580f46cc340ac6d547836105f96848694c7
SSDEEP

12288:dIny5DYTjAen8EtaFKMvs+fQXlQ8ct7QhAcbJrUaFRwV+9:JUTjAenUFKWFcMjwJxFRa+

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

description ioc process

File created C:\Windows\system32\drivers\nethfdrv.sys fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
Executes dropped EXE 5 IoCs

Processes:

installd.exenethtsrv.exenetupdsrv.exenethtsrv.exenetupdsrv.exe

pid process

1548 installd.exe
1660 nethtsrv.exe
1712 netupdsrv.exe
328 nethtsrv.exe
896 netupdsrv.exe

description	ioc	process
File created	C:\Windows\system32\drivers\nethfdrv.sys	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

pid	process
1548	installd.exe
1660	nethtsrv.exe
1712	netupdsrv.exe
328	nethtsrv.exe
896	netupdsrv.exe

Loads dropped DLL 13 IoCs

Processes:

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exeinstalld.exenethtsrv.exenethtsrv.exe

pid	process
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
1548	installd.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
1660	nethtsrv.exe
1660	nethtsrv.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
328	nethtsrv.exe
328	nethtsrv.exe
1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

Processes:

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

description	ioc	process
File created	C:\Windows\SysWOW64\netupdsrv.exe	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
File created	C:\Windows\SysWOW64\hfnapi.dll	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
File created	C:\Windows\SysWOW64\hfpapi.dll	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
File created	C:\Windows\SysWOW64\installd.exe	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
File created	C:\Windows\SysWOW64\nethtsrv.exe	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

Drops file in Program Files directory 3 IoCs

Processes:

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Config\data.xml	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
File created	C:\Program Files (x86)\Common Files\Config\ver.xml	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
File created	C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

460
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nethtsrv.exe

description pid process

Token: SeDebugPrivilege 328 nethtsrv.exe

pid	process
460

description	pid	process
Token: SeDebugPrivilege	328	nethtsrv.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 1800 wrote to memory of 2028	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 2028	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 2028	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 2028	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 2028 wrote to memory of 960	2028	net.exe	net1.exe
PID 2028 wrote to memory of 960	2028	net.exe	net1.exe
PID 2028 wrote to memory of 960	2028	net.exe	net1.exe
PID 2028 wrote to memory of 960	2028	net.exe	net1.exe
PID 1800 wrote to memory of 1584	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1584	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1584	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1584	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1584 wrote to memory of 1252	1584	net.exe	net1.exe
PID 1584 wrote to memory of 1252	1584	net.exe	net1.exe
PID 1584 wrote to memory of 1252	1584	net.exe	net1.exe
PID 1584 wrote to memory of 1252	1584	net.exe	net1.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1548	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	installd.exe
PID 1800 wrote to memory of 1660	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	nethtsrv.exe
PID 1800 wrote to memory of 1660	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	nethtsrv.exe
PID 1800 wrote to memory of 1660	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	nethtsrv.exe
PID 1800 wrote to memory of 1660	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	nethtsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1712	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	netupdsrv.exe
PID 1800 wrote to memory of 1940	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1940	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1940	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1940	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1940 wrote to memory of 1988	1940	net.exe	net1.exe
PID 1940 wrote to memory of 1988	1940	net.exe	net1.exe
PID 1940 wrote to memory of 1988	1940	net.exe	net1.exe
PID 1940 wrote to memory of 1988	1940	net.exe	net1.exe
PID 1800 wrote to memory of 1716	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1716	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1716	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1800 wrote to memory of 1716	1800	fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe	net.exe
PID 1716 wrote to memory of 888	1716	net.exe	net1.exe
PID 1716 wrote to memory of 888	1716	net.exe	net1.exe
PID 1716 wrote to memory of 888	1716	net.exe	net1.exe
PID 1716 wrote to memory of 888	1716	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe
"C:\Users\Admin\AppData\Local\Temp\fdeef4d245bf36863e8470c33815328b7e75c9498771c0f77e53f55e80f744ed.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1800

C:\Windows\SysWOW64\net.exe
net stop nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop nethttpservice
3⤵
PID:960

C:\Windows\SysWOW64\net.exe
net stop serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1584

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop serviceupdater
3⤵
PID:1252

C:\Windows\SysWOW64\installd.exe
"C:\Windows\system32\installd.exe" nethfdrv
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1548

C:\Windows\SysWOW64\nethtsrv.exe
"C:\Windows\system32\nethtsrv.exe" -nfdi
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1660

C:\Windows\SysWOW64\netupdsrv.exe
"C:\Windows\system32\netupdsrv.exe" -nfdi
2⤵
- Executes dropped EXE
PID:1712

C:\Windows\SysWOW64\net.exe
net start nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1940

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start nethttpservice
3⤵
PID:1988

C:\Windows\SysWOW64\net.exe
net start serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1716

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start serviceupdater
3⤵
PID:888

C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:328

C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
1⤵
- Executes dropped EXE
PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
e4c805bde36b1f024302c96e5096d9f6

SHA1
45b8ec9ef52632dae3ff18eec0436e39abcfc29a

SHA256
c65ed689486643ae58db18dd7562af84887acc3873022637625f5569a20a8835

SHA512
f2972113b60161ff9c52413614e2fffe16a54d28b28a070d57700ad5b5399ef8f7588966a07a4c5ac83b2c3bcf76d9ecefa5474911be2154002bdae110dc3dc5

Download Submit
C:\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
e0cbde42b076d2eb9498f6ed8951d21c

SHA1
284315ee1bff96e1a7f29605e675105b278ea5f2

SHA256
263746b331fb788cba348a27eed4e52dcf503fa29ef995d9daac1288ca31499c

SHA512
1536e884b4a9a0a75235de468ddabbf93b449bab0ad29df485964a120f32e6df416e990521fc8781dca19a37a5b8f4cd8788c2b09c7acc4ff495842154e10a25

Download Submit
C:\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
82d6b66bb61a4f875d4925e052825a82

SHA1
b4ce208ec5a2829bbe15800f39f05690115c94ae

SHA256
2a363fdfb27f72f78cc923a463619dd8cc11f43d93ddbc85b2e3cc5e16838426

SHA512
78d572a8373c49d3db48f1cbffea8828428f6ba3fadae15e9286984689cbf48d535605adcecb68008c38aa9466416df0a8817ae2625e447c3fd31c5a6e4fd20b

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
e6b666988ed4ae70b39e018d4f3f7078

SHA1
51d9af90866e7d1c386fc15ba1f4463e2d9b8cd9

SHA256
b4b4c16a18f3e977380b3818af1830d1a1d9b7be3762d7cb304869c3921d3d75

SHA512
77b2e6b115a29791afb4c07a2f750ddceb76a05ffad4a3b94b33e0d89bad018696ac4c7211f022aeef140ae2c7d5d891d94c8fa76366bffc29672a5cc9f02eeb

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
e6b666988ed4ae70b39e018d4f3f7078

SHA1
51d9af90866e7d1c386fc15ba1f4463e2d9b8cd9

SHA256
b4b4c16a18f3e977380b3818af1830d1a1d9b7be3762d7cb304869c3921d3d75

SHA512
77b2e6b115a29791afb4c07a2f750ddceb76a05ffad4a3b94b33e0d89bad018696ac4c7211f022aeef140ae2c7d5d891d94c8fa76366bffc29672a5cc9f02eeb

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
c6fed74a74b76cca9e07aaf702ae863c

SHA1
eb0702d219d11c4c229ac55d47a9b7c5a87e5ba3

SHA256
0f7d7bcfeb61e48921d485a2ef3a41c4d320c8070c539e7929c90d5914376960

SHA512
a392e8d7d36b3f0c2402e717f56bb149a3ee78da1c4f9338d482218af82eecced6a54521f6541d9aed869de7d892162e44b252742550cd649fafc2ce5a58970c

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
c6fed74a74b76cca9e07aaf702ae863c

SHA1
eb0702d219d11c4c229ac55d47a9b7c5a87e5ba3

SHA256
0f7d7bcfeb61e48921d485a2ef3a41c4d320c8070c539e7929c90d5914376960

SHA512
a392e8d7d36b3f0c2402e717f56bb149a3ee78da1c4f9338d482218af82eecced6a54521f6541d9aed869de7d892162e44b252742550cd649fafc2ce5a58970c

Download Submit
\Users\Admin\AppData\Local\Temp\nsiF0F6.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsiF0F6.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsiF0F6.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsiF0F6.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsiF0F6.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
e4c805bde36b1f024302c96e5096d9f6

SHA1
45b8ec9ef52632dae3ff18eec0436e39abcfc29a

SHA256
c65ed689486643ae58db18dd7562af84887acc3873022637625f5569a20a8835

SHA512
f2972113b60161ff9c52413614e2fffe16a54d28b28a070d57700ad5b5399ef8f7588966a07a4c5ac83b2c3bcf76d9ecefa5474911be2154002bdae110dc3dc5

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
e4c805bde36b1f024302c96e5096d9f6

SHA1
45b8ec9ef52632dae3ff18eec0436e39abcfc29a

SHA256
c65ed689486643ae58db18dd7562af84887acc3873022637625f5569a20a8835

SHA512
f2972113b60161ff9c52413614e2fffe16a54d28b28a070d57700ad5b5399ef8f7588966a07a4c5ac83b2c3bcf76d9ecefa5474911be2154002bdae110dc3dc5

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
e4c805bde36b1f024302c96e5096d9f6

SHA1
45b8ec9ef52632dae3ff18eec0436e39abcfc29a

SHA256
c65ed689486643ae58db18dd7562af84887acc3873022637625f5569a20a8835

SHA512
f2972113b60161ff9c52413614e2fffe16a54d28b28a070d57700ad5b5399ef8f7588966a07a4c5ac83b2c3bcf76d9ecefa5474911be2154002bdae110dc3dc5

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
e0cbde42b076d2eb9498f6ed8951d21c

SHA1
284315ee1bff96e1a7f29605e675105b278ea5f2

SHA256
263746b331fb788cba348a27eed4e52dcf503fa29ef995d9daac1288ca31499c

SHA512
1536e884b4a9a0a75235de468ddabbf93b449bab0ad29df485964a120f32e6df416e990521fc8781dca19a37a5b8f4cd8788c2b09c7acc4ff495842154e10a25

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
e0cbde42b076d2eb9498f6ed8951d21c

SHA1
284315ee1bff96e1a7f29605e675105b278ea5f2

SHA256
263746b331fb788cba348a27eed4e52dcf503fa29ef995d9daac1288ca31499c

SHA512
1536e884b4a9a0a75235de468ddabbf93b449bab0ad29df485964a120f32e6df416e990521fc8781dca19a37a5b8f4cd8788c2b09c7acc4ff495842154e10a25

Download Submit
\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
82d6b66bb61a4f875d4925e052825a82

SHA1
b4ce208ec5a2829bbe15800f39f05690115c94ae

SHA256
2a363fdfb27f72f78cc923a463619dd8cc11f43d93ddbc85b2e3cc5e16838426

SHA512
78d572a8373c49d3db48f1cbffea8828428f6ba3fadae15e9286984689cbf48d535605adcecb68008c38aa9466416df0a8817ae2625e447c3fd31c5a6e4fd20b

Download Submit
\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
e6b666988ed4ae70b39e018d4f3f7078

SHA1
51d9af90866e7d1c386fc15ba1f4463e2d9b8cd9

SHA256
b4b4c16a18f3e977380b3818af1830d1a1d9b7be3762d7cb304869c3921d3d75

SHA512
77b2e6b115a29791afb4c07a2f750ddceb76a05ffad4a3b94b33e0d89bad018696ac4c7211f022aeef140ae2c7d5d891d94c8fa76366bffc29672a5cc9f02eeb

Download Submit
\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
c6fed74a74b76cca9e07aaf702ae863c

SHA1
eb0702d219d11c4c229ac55d47a9b7c5a87e5ba3

SHA256
0f7d7bcfeb61e48921d485a2ef3a41c4d320c8070c539e7929c90d5914376960

SHA512
a392e8d7d36b3f0c2402e717f56bb149a3ee78da1c4f9338d482218af82eecced6a54521f6541d9aed869de7d892162e44b252742550cd649fafc2ce5a58970c

Download Submit
memory/888-87-0x0000000000000000-mapping.dmp

Download
memory/960-58-0x0000000000000000-mapping.dmp

Download
memory/1252-62-0x0000000000000000-mapping.dmp

Download
memory/1548-64-0x0000000000000000-mapping.dmp

Download
memory/1584-61-0x0000000000000000-mapping.dmp

Download
memory/1660-70-0x0000000000000000-mapping.dmp

Download
memory/1712-76-0x0000000000000000-mapping.dmp

Download
memory/1716-86-0x0000000000000000-mapping.dmp

Download
memory/1800-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1800-59-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download
memory/1800-90-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download
memory/1940-80-0x0000000000000000-mapping.dmp

Download
memory/1988-81-0x0000000000000000-mapping.dmp

Download
memory/2028-57-0x0000000000000000-mapping.dmp

Download