304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c

Analysis

max time kernel
65s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
Size

445KB
MD5

fb2fe3c582b42729a84d5005d426b50b
SHA1

22059d75dcc208d895dd50f7cd928d3f222bc6bd
SHA256

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c
SHA512

29fd2f9f1b73ad9667761c9d0f31a244bc7c335949a1ee41f57e2ced11441f586c839f373fc5c9069fdc4c687d8036cfa6039e878241f82685a00ba1b9f79d24
SSDEEP

6144:Xzf52LZeHCEZJ2y7l7djgkwoFZrM8X4z/fVeOwuPgeDs9yf0olc3kVHa0VwMitle:FQUC0JzriAZrEDkFJAsolchMjJp

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

description ioc process

File created C:\Windows\system32\drivers\nethfdrv.sys 304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
Executes dropped EXE 5 IoCs

Processes:

installd.exenethtsrv.exenetupdsrv.exenethtsrv.exenetupdsrv.exe

pid process

1788 installd.exe
1160 nethtsrv.exe
1912 netupdsrv.exe
296 nethtsrv.exe
2036 netupdsrv.exe

description	ioc	process
File created	C:\Windows\system32\drivers\nethfdrv.sys	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

pid	process
1788	installd.exe
1160	nethtsrv.exe
1912	netupdsrv.exe
296	nethtsrv.exe
2036	netupdsrv.exe

Loads dropped DLL 13 IoCs

Processes:

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exeinstalld.exenethtsrv.exenethtsrv.exe

pid	process
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
1788	installd.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
1160	nethtsrv.exe
1160	nethtsrv.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
296	nethtsrv.exe
296	nethtsrv.exe
884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

Processes:

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

description	ioc	process
File created	C:\Windows\SysWOW64\netupdsrv.exe	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
File created	C:\Windows\SysWOW64\hfnapi.dll	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
File created	C:\Windows\SysWOW64\hfpapi.dll	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
File created	C:\Windows\SysWOW64\installd.exe	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
File created	C:\Windows\SysWOW64\nethtsrv.exe	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

Drops file in Program Files directory 3 IoCs

Processes:

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
File created	C:\Program Files (x86)\Common Files\Config\data.xml	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
File created	C:\Program Files (x86)\Common Files\Config\ver.xml	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

464
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nethtsrv.exe

description pid process

Token: SeDebugPrivilege 296 nethtsrv.exe

pid	process
464

description	pid	process
Token: SeDebugPrivilege	296	nethtsrv.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 884 wrote to memory of 1464	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1464	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1464	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1464	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 1464 wrote to memory of 472	1464	net.exe	net1.exe
PID 1464 wrote to memory of 472	1464	net.exe	net1.exe
PID 1464 wrote to memory of 472	1464	net.exe	net1.exe
PID 1464 wrote to memory of 472	1464	net.exe	net1.exe
PID 884 wrote to memory of 944	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 944	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 944	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 944	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 944 wrote to memory of 1924	944	net.exe	net1.exe
PID 944 wrote to memory of 1924	944	net.exe	net1.exe
PID 944 wrote to memory of 1924	944	net.exe	net1.exe
PID 944 wrote to memory of 1924	944	net.exe	net1.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1788	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	installd.exe
PID 884 wrote to memory of 1160	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	nethtsrv.exe
PID 884 wrote to memory of 1160	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	nethtsrv.exe
PID 884 wrote to memory of 1160	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	nethtsrv.exe
PID 884 wrote to memory of 1160	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	nethtsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1912	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	netupdsrv.exe
PID 884 wrote to memory of 1844	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1844	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1844	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1844	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 1844 wrote to memory of 1428	1844	net.exe	net1.exe
PID 1844 wrote to memory of 1428	1844	net.exe	net1.exe
PID 1844 wrote to memory of 1428	1844	net.exe	net1.exe
PID 1844 wrote to memory of 1428	1844	net.exe	net1.exe
PID 884 wrote to memory of 1672	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1672	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1672	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 884 wrote to memory of 1672	884	304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe	net.exe
PID 1672 wrote to memory of 1896	1672	net.exe	net1.exe
PID 1672 wrote to memory of 1896	1672	net.exe	net1.exe
PID 1672 wrote to memory of 1896	1672	net.exe	net1.exe
PID 1672 wrote to memory of 1896	1672	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe
"C:\Users\Admin\AppData\Local\Temp\304c6040bef264188218ba3d4fd27f22848b0b1be4a1036f4b707b56c334513c.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:884

C:\Windows\SysWOW64\net.exe
net stop nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1464

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop nethttpservice
3⤵
PID:472

C:\Windows\SysWOW64\net.exe
net stop serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:944

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop serviceupdater
3⤵
PID:1924

C:\Windows\SysWOW64\installd.exe
"C:\Windows\system32\installd.exe" nethfdrv
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1788

C:\Windows\SysWOW64\nethtsrv.exe
"C:\Windows\system32\nethtsrv.exe" -nfdi
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1160

C:\Windows\SysWOW64\netupdsrv.exe
"C:\Windows\system32\netupdsrv.exe" -nfdi
2⤵
- Executes dropped EXE
PID:1912

C:\Windows\SysWOW64\net.exe
net start nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1844

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start nethttpservice
3⤵
PID:1428

C:\Windows\SysWOW64\net.exe
net start serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start serviceupdater
3⤵
PID:1896

C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:296

C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
1⤵
- Executes dropped EXE
PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
c5952c7f720b0021b797d942cf39182e

SHA1
19d04edf17c451c1db6ffc24afe295819bde19bf

SHA256
34a141e3c098e6efd611adf12b28c38a4f5ac7b31ea55954229f2e7957455597

SHA512
b0424e12a91bb28157d380959b89c09d2deff733ca1d6a76c735c18279b1f2e20a856bdf581c1b2ce603efd4521bca6d8b4d79cbcf355c91f452c3bcd1d9793b

Download Submit
C:\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
5687ac0a2643c403bff7ed8a5dc901a1

SHA1
50fc90a47c578fa9797a6ea158d29e8ea9335402

SHA256
6520a6210e0470033383251c71eb62ac3d13021a47d154f359425f1c6c05e9ad

SHA512
9ca2e085f78f725f7c0e21dd4e82402de33c1223d72a592a6f5f27e38eec4d95b284ce867644dd446a90492624f33b6cb750cd931788a539a64cef849ca893b7

Download Submit
C:\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
4083f709f18c172ad23c664e0087e315

SHA1
967cac958b7cb800f2b50f62729a0fe2b485b05d

SHA256
e82d4336e7aa79123c36c8a08b1c296ed776841ad3e8888b2aac5c036f5d5456

SHA512
b9a39544b55e61c4af23afa4c596ffabcf8903618d27f4b146b8dc90cb9760b71baab40a2256b40bdcec5f8fc74b77aaa80a739246f3f8b3c1aef049025eb36d

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
f7f037ab6f49d7bc063c20462dda5b39

SHA1
81763a1eeea983dfff45c8a4bb413c552a5e5975

SHA256
664a88567deb2afed435cb4004d818ce598e27d99a48dc4a15cf71c3dd32de01

SHA512
9d2d76eda85bc1446384b7b65bb645e0f1c51c0044a8741485abf668dab32a8c30cb5c50946e76bb6d1a36e6c4e83bce4af1d82a222996e586ccae3e9db6efb4

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
f7f037ab6f49d7bc063c20462dda5b39

SHA1
81763a1eeea983dfff45c8a4bb413c552a5e5975

SHA256
664a88567deb2afed435cb4004d818ce598e27d99a48dc4a15cf71c3dd32de01

SHA512
9d2d76eda85bc1446384b7b65bb645e0f1c51c0044a8741485abf668dab32a8c30cb5c50946e76bb6d1a36e6c4e83bce4af1d82a222996e586ccae3e9db6efb4

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
696a4f799465126adfc901c254d33aa3

SHA1
2183e4153151917f712f06573dd7ab9fcbc50f54

SHA256
ebebf49dde9aaeb63312627f619cab928a62c42e33898cfdb88436a0f7d33bb9

SHA512
db32e3b4fdecd48fc17cfbcea8d24a129c59e02abb6259b17d04d7398b5900d31ce294d26968340ea6845c59c30d7745e38fc9fcebd972f1000f0418fc4d4b54

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
696a4f799465126adfc901c254d33aa3

SHA1
2183e4153151917f712f06573dd7ab9fcbc50f54

SHA256
ebebf49dde9aaeb63312627f619cab928a62c42e33898cfdb88436a0f7d33bb9

SHA512
db32e3b4fdecd48fc17cfbcea8d24a129c59e02abb6259b17d04d7398b5900d31ce294d26968340ea6845c59c30d7745e38fc9fcebd972f1000f0418fc4d4b54

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2771.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2771.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2771.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2771.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2771.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
c5952c7f720b0021b797d942cf39182e

SHA1
19d04edf17c451c1db6ffc24afe295819bde19bf

SHA256
34a141e3c098e6efd611adf12b28c38a4f5ac7b31ea55954229f2e7957455597

SHA512
b0424e12a91bb28157d380959b89c09d2deff733ca1d6a76c735c18279b1f2e20a856bdf581c1b2ce603efd4521bca6d8b4d79cbcf355c91f452c3bcd1d9793b

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
c5952c7f720b0021b797d942cf39182e

SHA1
19d04edf17c451c1db6ffc24afe295819bde19bf

SHA256
34a141e3c098e6efd611adf12b28c38a4f5ac7b31ea55954229f2e7957455597

SHA512
b0424e12a91bb28157d380959b89c09d2deff733ca1d6a76c735c18279b1f2e20a856bdf581c1b2ce603efd4521bca6d8b4d79cbcf355c91f452c3bcd1d9793b

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
c5952c7f720b0021b797d942cf39182e

SHA1
19d04edf17c451c1db6ffc24afe295819bde19bf

SHA256
34a141e3c098e6efd611adf12b28c38a4f5ac7b31ea55954229f2e7957455597

SHA512
b0424e12a91bb28157d380959b89c09d2deff733ca1d6a76c735c18279b1f2e20a856bdf581c1b2ce603efd4521bca6d8b4d79cbcf355c91f452c3bcd1d9793b

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
5687ac0a2643c403bff7ed8a5dc901a1

SHA1
50fc90a47c578fa9797a6ea158d29e8ea9335402

SHA256
6520a6210e0470033383251c71eb62ac3d13021a47d154f359425f1c6c05e9ad

SHA512
9ca2e085f78f725f7c0e21dd4e82402de33c1223d72a592a6f5f27e38eec4d95b284ce867644dd446a90492624f33b6cb750cd931788a539a64cef849ca893b7

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
5687ac0a2643c403bff7ed8a5dc901a1

SHA1
50fc90a47c578fa9797a6ea158d29e8ea9335402

SHA256
6520a6210e0470033383251c71eb62ac3d13021a47d154f359425f1c6c05e9ad

SHA512
9ca2e085f78f725f7c0e21dd4e82402de33c1223d72a592a6f5f27e38eec4d95b284ce867644dd446a90492624f33b6cb750cd931788a539a64cef849ca893b7

Download Submit
\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
4083f709f18c172ad23c664e0087e315

SHA1
967cac958b7cb800f2b50f62729a0fe2b485b05d

SHA256
e82d4336e7aa79123c36c8a08b1c296ed776841ad3e8888b2aac5c036f5d5456

SHA512
b9a39544b55e61c4af23afa4c596ffabcf8903618d27f4b146b8dc90cb9760b71baab40a2256b40bdcec5f8fc74b77aaa80a739246f3f8b3c1aef049025eb36d

Download Submit
\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
f7f037ab6f49d7bc063c20462dda5b39

SHA1
81763a1eeea983dfff45c8a4bb413c552a5e5975

SHA256
664a88567deb2afed435cb4004d818ce598e27d99a48dc4a15cf71c3dd32de01

SHA512
9d2d76eda85bc1446384b7b65bb645e0f1c51c0044a8741485abf668dab32a8c30cb5c50946e76bb6d1a36e6c4e83bce4af1d82a222996e586ccae3e9db6efb4

Download Submit
\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
696a4f799465126adfc901c254d33aa3

SHA1
2183e4153151917f712f06573dd7ab9fcbc50f54

SHA256
ebebf49dde9aaeb63312627f619cab928a62c42e33898cfdb88436a0f7d33bb9

SHA512
db32e3b4fdecd48fc17cfbcea8d24a129c59e02abb6259b17d04d7398b5900d31ce294d26968340ea6845c59c30d7745e38fc9fcebd972f1000f0418fc4d4b54

Download Submit
memory/472-58-0x0000000000000000-mapping.dmp

Download
memory/884-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/944-60-0x0000000000000000-mapping.dmp

Download
memory/1160-69-0x0000000000000000-mapping.dmp

Download
memory/1428-80-0x0000000000000000-mapping.dmp

Download
memory/1464-57-0x0000000000000000-mapping.dmp

Download
memory/1672-85-0x0000000000000000-mapping.dmp

Download
memory/1788-63-0x0000000000000000-mapping.dmp

Download
memory/1844-79-0x0000000000000000-mapping.dmp

Download
memory/1896-86-0x0000000000000000-mapping.dmp

Download
memory/1912-75-0x0000000000000000-mapping.dmp

Download
memory/1924-61-0x0000000000000000-mapping.dmp

Download