52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b

Analysis

max time kernel
81s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
Size

446KB
MD5

deb88485e96e6746128b1fce1d67debb
SHA1

a1c9c0c1770c66b1198c8d23707830e3c840ef84
SHA256

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b
SHA512

72cb828fab7240650932407b856c7e89cd9b78b794a0b16359ff4f7567ecd267e800e894e3cd79090036649ca97142b167ba12514c843014109f1870a143e2c6
SSDEEP

12288:s268WZO9er6Nodln7MQOyzHiGOlddJPtbjXoxEj/zB/X6:s2Nt7qnRH9OfljyEt6

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

description ioc process

File created C:\Windows\system32\drivers\nethfdrv.sys 52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
Executes dropped EXE 5 IoCs

Processes:

installd.exenethtsrv.exenetupdsrv.exenethtsrv.exenetupdsrv.exe

pid process

1820 installd.exe
556 nethtsrv.exe
676 netupdsrv.exe
548 nethtsrv.exe
1520 netupdsrv.exe

description	ioc	process
File created	C:\Windows\system32\drivers\nethfdrv.sys	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

pid	process
1820	installd.exe
556	nethtsrv.exe
676	netupdsrv.exe
548	nethtsrv.exe
1520	netupdsrv.exe

Loads dropped DLL 13 IoCs

Processes:

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exeinstalld.exenethtsrv.exenethtsrv.exe

pid	process
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
1820	installd.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
556	nethtsrv.exe
556	nethtsrv.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
548	nethtsrv.exe
548	nethtsrv.exe
1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

Processes:

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

description	ioc	process
File created	C:\Windows\SysWOW64\hfnapi.dll	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
File created	C:\Windows\SysWOW64\hfpapi.dll	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
File created	C:\Windows\SysWOW64\installd.exe	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
File created	C:\Windows\SysWOW64\nethtsrv.exe	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
File created	C:\Windows\SysWOW64\netupdsrv.exe	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

Drops file in Program Files directory 3 IoCs

Processes:

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Config\data.xml	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
File created	C:\Program Files (x86)\Common Files\Config\ver.xml	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
File created	C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

468
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nethtsrv.exe

description pid process

Token: SeDebugPrivilege 548 nethtsrv.exe

pid	process
468

description	pid	process
Token: SeDebugPrivilege	548	nethtsrv.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 1628 wrote to memory of 796	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 796	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 796	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 796	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 796 wrote to memory of 1180	796	net.exe	net1.exe
PID 796 wrote to memory of 1180	796	net.exe	net1.exe
PID 796 wrote to memory of 1180	796	net.exe	net1.exe
PID 796 wrote to memory of 1180	796	net.exe	net1.exe
PID 1628 wrote to memory of 720	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 720	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 720	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 720	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 720 wrote to memory of 856	720	net.exe	net1.exe
PID 720 wrote to memory of 856	720	net.exe	net1.exe
PID 720 wrote to memory of 856	720	net.exe	net1.exe
PID 720 wrote to memory of 856	720	net.exe	net1.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 1820	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	installd.exe
PID 1628 wrote to memory of 556	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	nethtsrv.exe
PID 1628 wrote to memory of 556	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	nethtsrv.exe
PID 1628 wrote to memory of 556	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	nethtsrv.exe
PID 1628 wrote to memory of 556	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	nethtsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 676	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	netupdsrv.exe
PID 1628 wrote to memory of 1964	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 1964	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 1964	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 1964	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1964 wrote to memory of 2036	1964	net.exe	net1.exe
PID 1964 wrote to memory of 2036	1964	net.exe	net1.exe
PID 1964 wrote to memory of 2036	1964	net.exe	net1.exe
PID 1964 wrote to memory of 2036	1964	net.exe	net1.exe
PID 1628 wrote to memory of 1812	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 1812	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 1812	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1628 wrote to memory of 1812	1628	52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe	net.exe
PID 1812 wrote to memory of 2028	1812	net.exe	net1.exe
PID 1812 wrote to memory of 2028	1812	net.exe	net1.exe
PID 1812 wrote to memory of 2028	1812	net.exe	net1.exe
PID 1812 wrote to memory of 2028	1812	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe
"C:\Users\Admin\AppData\Local\Temp\52c7d024becca32f92b821cf2a728c89afefe925b0d8e4991a74061d451c676b.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1628

C:\Windows\SysWOW64\net.exe
net stop nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:796

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop nethttpservice
3⤵
PID:1180

C:\Windows\SysWOW64\net.exe
net stop serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:720

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop serviceupdater
3⤵
PID:856

C:\Windows\SysWOW64\installd.exe
"C:\Windows\system32\installd.exe" nethfdrv
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1820

C:\Windows\SysWOW64\nethtsrv.exe
"C:\Windows\system32\nethtsrv.exe" -nfdi
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:556

C:\Windows\SysWOW64\netupdsrv.exe
"C:\Windows\system32\netupdsrv.exe" -nfdi
2⤵
- Executes dropped EXE
PID:676

C:\Windows\SysWOW64\net.exe
net start nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start nethttpservice
3⤵
PID:2036

C:\Windows\SysWOW64\net.exe
net start serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1812

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start serviceupdater
3⤵
PID:2028

C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:548

C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
1⤵
- Executes dropped EXE
PID:1520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
fcd533cae497a77ddb3f551239fc5ad4

SHA1
ab33efbafe2bc9ce26786b96f407f7e471dcf586

SHA256
db9616aac812d781cfa9f17f6e74e68b2a837c8c98e3a6d20112378cfc3db9e7

SHA512
661ffa39054a13c1a78f97d34234767739afc99097555effec1c51b3b7ce83695648a50fbcf3f246a0d3b3c4df9016318714044a048bbbfddbd11fd28437dc69

Download Submit
C:\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
88eadeef348c028c7b591c284b09ff0c

SHA1
d80681471ac909376fccc4bdfddf083f86f7287b

SHA256
916bad8bdc877bf5b8b7a964ffb9b5c551a1d9d09888e9cd6c4310938af6fba3

SHA512
8806ed5780bdeed9cce2a0b6ac28680d6e169e77c662ece3a9ada7206753cfae825eccb7651e43cb06fdbca2b520b765b76a629f88f5b7f217a093f581116d90

Download Submit
C:\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
1a417136a32c6cc31e90e722f9f47977

SHA1
22f65c3b2a61785eb42903faeb6862e789cdc837

SHA256
c88e79bd8896546229b8cd92aec76dc7feb866def7fbad09679adff3e02da307

SHA512
9900269f053cb1b371538c641fd5d383658824ee119dcce006cfa6222829ac0018b06dd8bcaa137ca82db7e05d54b581efd8f1f891115b57f64920c1450da12a

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
0da1c577788784775507a0308980ac8b

SHA1
f8e07f1d1365c86e0471291e6156798873cbd9a2

SHA256
3c147b15e5bdef69d5c43cf77b7800a5f078efb08a6227272bffa5650ee16fea

SHA512
01becbf66dbd66d8fd0b6c5b5c5643b850ef174e26ac521c1ee71f7fbb94c85d2bc5803a36b9c5062f37f8744a680e36045b588ae37cefa3b4b950d45bfc9417

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
0da1c577788784775507a0308980ac8b

SHA1
f8e07f1d1365c86e0471291e6156798873cbd9a2

SHA256
3c147b15e5bdef69d5c43cf77b7800a5f078efb08a6227272bffa5650ee16fea

SHA512
01becbf66dbd66d8fd0b6c5b5c5643b850ef174e26ac521c1ee71f7fbb94c85d2bc5803a36b9c5062f37f8744a680e36045b588ae37cefa3b4b950d45bfc9417

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
c820ea62fbbe89f9f23c06d145a8c7bf

SHA1
66ff0adc3c449cd490e13224538af618149d3d0d

SHA256
9c74241b2c5ba8f99cb7ff6e98493e48cb82afd0ce360ed8cb889429cbaf2e6d

SHA512
9dcc117e4a4be0416d8dbe28ccd499644fb6b789bee01f8807c83221a06b64ff507291591f10633ba656da42834b30968394c916349de1b0bf2bb64b37603395

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
c820ea62fbbe89f9f23c06d145a8c7bf

SHA1
66ff0adc3c449cd490e13224538af618149d3d0d

SHA256
9c74241b2c5ba8f99cb7ff6e98493e48cb82afd0ce360ed8cb889429cbaf2e6d

SHA512
9dcc117e4a4be0416d8dbe28ccd499644fb6b789bee01f8807c83221a06b64ff507291591f10633ba656da42834b30968394c916349de1b0bf2bb64b37603395

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDC9C.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDC9C.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDC9C.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDC9C.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDC9C.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
fcd533cae497a77ddb3f551239fc5ad4

SHA1
ab33efbafe2bc9ce26786b96f407f7e471dcf586

SHA256
db9616aac812d781cfa9f17f6e74e68b2a837c8c98e3a6d20112378cfc3db9e7

SHA512
661ffa39054a13c1a78f97d34234767739afc99097555effec1c51b3b7ce83695648a50fbcf3f246a0d3b3c4df9016318714044a048bbbfddbd11fd28437dc69

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
fcd533cae497a77ddb3f551239fc5ad4

SHA1
ab33efbafe2bc9ce26786b96f407f7e471dcf586

SHA256
db9616aac812d781cfa9f17f6e74e68b2a837c8c98e3a6d20112378cfc3db9e7

SHA512
661ffa39054a13c1a78f97d34234767739afc99097555effec1c51b3b7ce83695648a50fbcf3f246a0d3b3c4df9016318714044a048bbbfddbd11fd28437dc69

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
fcd533cae497a77ddb3f551239fc5ad4

SHA1
ab33efbafe2bc9ce26786b96f407f7e471dcf586

SHA256
db9616aac812d781cfa9f17f6e74e68b2a837c8c98e3a6d20112378cfc3db9e7

SHA512
661ffa39054a13c1a78f97d34234767739afc99097555effec1c51b3b7ce83695648a50fbcf3f246a0d3b3c4df9016318714044a048bbbfddbd11fd28437dc69

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
88eadeef348c028c7b591c284b09ff0c

SHA1
d80681471ac909376fccc4bdfddf083f86f7287b

SHA256
916bad8bdc877bf5b8b7a964ffb9b5c551a1d9d09888e9cd6c4310938af6fba3

SHA512
8806ed5780bdeed9cce2a0b6ac28680d6e169e77c662ece3a9ada7206753cfae825eccb7651e43cb06fdbca2b520b765b76a629f88f5b7f217a093f581116d90

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
88eadeef348c028c7b591c284b09ff0c

SHA1
d80681471ac909376fccc4bdfddf083f86f7287b

SHA256
916bad8bdc877bf5b8b7a964ffb9b5c551a1d9d09888e9cd6c4310938af6fba3

SHA512
8806ed5780bdeed9cce2a0b6ac28680d6e169e77c662ece3a9ada7206753cfae825eccb7651e43cb06fdbca2b520b765b76a629f88f5b7f217a093f581116d90

Download Submit
\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
1a417136a32c6cc31e90e722f9f47977

SHA1
22f65c3b2a61785eb42903faeb6862e789cdc837

SHA256
c88e79bd8896546229b8cd92aec76dc7feb866def7fbad09679adff3e02da307

SHA512
9900269f053cb1b371538c641fd5d383658824ee119dcce006cfa6222829ac0018b06dd8bcaa137ca82db7e05d54b581efd8f1f891115b57f64920c1450da12a

Download Submit
\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
0da1c577788784775507a0308980ac8b

SHA1
f8e07f1d1365c86e0471291e6156798873cbd9a2

SHA256
3c147b15e5bdef69d5c43cf77b7800a5f078efb08a6227272bffa5650ee16fea

SHA512
01becbf66dbd66d8fd0b6c5b5c5643b850ef174e26ac521c1ee71f7fbb94c85d2bc5803a36b9c5062f37f8744a680e36045b588ae37cefa3b4b950d45bfc9417

Download Submit
\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
c820ea62fbbe89f9f23c06d145a8c7bf

SHA1
66ff0adc3c449cd490e13224538af618149d3d0d

SHA256
9c74241b2c5ba8f99cb7ff6e98493e48cb82afd0ce360ed8cb889429cbaf2e6d

SHA512
9dcc117e4a4be0416d8dbe28ccd499644fb6b789bee01f8807c83221a06b64ff507291591f10633ba656da42834b30968394c916349de1b0bf2bb64b37603395

Download Submit
memory/556-69-0x0000000000000000-mapping.dmp

Download
memory/676-75-0x0000000000000000-mapping.dmp

Download
memory/720-60-0x0000000000000000-mapping.dmp

Download
memory/796-57-0x0000000000000000-mapping.dmp

Download
memory/856-61-0x0000000000000000-mapping.dmp

Download
memory/1180-58-0x0000000000000000-mapping.dmp

Download
memory/1628-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/1812-85-0x0000000000000000-mapping.dmp

Download
memory/1820-63-0x0000000000000000-mapping.dmp

Download
memory/1964-79-0x0000000000000000-mapping.dmp

Download
memory/2028-86-0x0000000000000000-mapping.dmp

Download
memory/2036-80-0x0000000000000000-mapping.dmp

Download