40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133

Analysis

max time kernel
48s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
Size

601KB
MD5

2d4b5c1f9295636bb2c26f5cd2ac55cc
SHA1

20d47386650f6209ac8a1d1219c91eaf0415c6fe
SHA256

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133
SHA512

a10a6f4958050fe059006c60a94e0340f5edc0738fdcc1946ab5caef8f30247e43c413b39ac096657a4dece5c8cffb2b2b9baea9607d75e41ae7eecf757e7434
SSDEEP

12288:0Iny5DYTqIyUVDiDhefMpqu7ID6ppdxVVKY2do5yNvcrW1ATF:yUTqNUVAh0Mj7TptTN22rgAp

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

description ioc process

File created C:\Windows\system32\drivers\nethfdrv.sys 40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
Executes dropped EXE 5 IoCs

Processes:

installd.exenethtsrv.exenetupdsrv.exenethtsrv.exenetupdsrv.exe

pid process

1884 installd.exe
1452 nethtsrv.exe
688 netupdsrv.exe
1920 nethtsrv.exe
1104 netupdsrv.exe

description	ioc	process
File created	C:\Windows\system32\drivers\nethfdrv.sys	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

pid	process
1884	installd.exe
1452	nethtsrv.exe
688	netupdsrv.exe
1920	nethtsrv.exe
1104	netupdsrv.exe

Loads dropped DLL 13 IoCs

Processes:

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exeinstalld.exenethtsrv.exenethtsrv.exe

pid	process
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
1884	installd.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
1452	nethtsrv.exe
1452	nethtsrv.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
1920	nethtsrv.exe
1920	nethtsrv.exe
2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

Processes:

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

description	ioc	process
File created	C:\Windows\SysWOW64\hfnapi.dll	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
File created	C:\Windows\SysWOW64\hfpapi.dll	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
File created	C:\Windows\SysWOW64\installd.exe	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
File created	C:\Windows\SysWOW64\nethtsrv.exe	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
File created	C:\Windows\SysWOW64\netupdsrv.exe	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

Drops file in Program Files directory 3 IoCs

Processes:

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Config\ver.xml	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
File created	C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
File created	C:\Program Files (x86)\Common Files\Config\data.xml	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

468
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nethtsrv.exe

description pid process

Token: SeDebugPrivilege 1920 nethtsrv.exe

pid	process
468

description	pid	process
Token: SeDebugPrivilege	1920	nethtsrv.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 2044 wrote to memory of 1988	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1988	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1988	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1988	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 1988 wrote to memory of 564	1988	net.exe	net1.exe
PID 1988 wrote to memory of 564	1988	net.exe	net1.exe
PID 1988 wrote to memory of 564	1988	net.exe	net1.exe
PID 1988 wrote to memory of 564	1988	net.exe	net1.exe
PID 2044 wrote to memory of 1492	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1492	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1492	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1492	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 1492 wrote to memory of 1028	1492	net.exe	net1.exe
PID 1492 wrote to memory of 1028	1492	net.exe	net1.exe
PID 1492 wrote to memory of 1028	1492	net.exe	net1.exe
PID 1492 wrote to memory of 1028	1492	net.exe	net1.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1884	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	installd.exe
PID 2044 wrote to memory of 1452	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	nethtsrv.exe
PID 2044 wrote to memory of 1452	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	nethtsrv.exe
PID 2044 wrote to memory of 1452	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	nethtsrv.exe
PID 2044 wrote to memory of 1452	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	nethtsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 688	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	netupdsrv.exe
PID 2044 wrote to memory of 1296	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1296	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1296	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1296	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 1296 wrote to memory of 1328	1296	net.exe	net1.exe
PID 1296 wrote to memory of 1328	1296	net.exe	net1.exe
PID 1296 wrote to memory of 1328	1296	net.exe	net1.exe
PID 1296 wrote to memory of 1328	1296	net.exe	net1.exe
PID 2044 wrote to memory of 1084	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1084	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1084	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 2044 wrote to memory of 1084	2044	40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe	net.exe
PID 1084 wrote to memory of 1652	1084	net.exe	net1.exe
PID 1084 wrote to memory of 1652	1084	net.exe	net1.exe
PID 1084 wrote to memory of 1652	1084	net.exe	net1.exe
PID 1084 wrote to memory of 1652	1084	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe
"C:\Users\Admin\AppData\Local\Temp\40a32fb895d630f5a3455b157f751bd491dd04b486623df4ac6e211f764a0133.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\net.exe
net stop nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1988

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop nethttpservice
3⤵
PID:564

C:\Windows\SysWOW64\net.exe
net stop serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1492

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop serviceupdater
3⤵
PID:1028

C:\Windows\SysWOW64\installd.exe
"C:\Windows\system32\installd.exe" nethfdrv
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1884

C:\Windows\SysWOW64\nethtsrv.exe
"C:\Windows\system32\nethtsrv.exe" -nfdi
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1452

C:\Windows\SysWOW64\netupdsrv.exe
"C:\Windows\system32\netupdsrv.exe" -nfdi
2⤵
- Executes dropped EXE
PID:688

C:\Windows\SysWOW64\net.exe
net start nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1296

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start nethttpservice
3⤵
PID:1328

C:\Windows\SysWOW64\net.exe
net start serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1084

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start serviceupdater
3⤵
PID:1652

C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1920

C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
1⤵
- Executes dropped EXE
PID:1104

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
16c961fb3fff4eddc4387e3f4c8f5eb4

SHA1
11c86138168d73284c3a53ff0db28f91da1f57c9

SHA256
44bcd90f16497f002bc90d1819d80c738fe7c895e9b3c7d94a17445c0e6726a4

SHA512
17c1af193043b7998df9289a30193f9a1b1313d8b6fa59273f8c9628d3a134e6d5f7169a0b6efbf541ac26ca1954549019c355b804ac42d329d6d656500e1b89

Download Submit
C:\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
1e544ffd4eaf52aeaccd79f31bac8131

SHA1
438f4a0896ef97dac1e0e9f39a55ff04dcc2f72b

SHA256
a57c5b0ce18cf86a22c78d7b94f37793108c9e6686e38e26146b3d7b2168f294

SHA512
633c893089ca22e16f2ddf0cea0c9e1a00efd622cd61d3bb5fa3dc58bf0ae7f459066d72a478a42c10cccdbf82eac49c4f0c5c7c0681a5d25470d1fc89f75801

Download Submit
C:\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
bb5376588f4a4a129fc1ef3d3e9f655a

SHA1
dba19b8067cbd310fa17bbef123b5de797e33e13

SHA256
90788fa79512a8980b1cc2364fd278ae15782a28d4dcc8dc8523760882308ea2

SHA512
feafe064712df9dea3305d59fbc1a2ca6c45dd85f6bf6378f6ef16d58afb0db47f5272328de5579a5f7545d05cbb47645aca559813987e95628726faddd58a0f

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
6a5e65e1369246a62e8a408d10d435de

SHA1
56d1f488a4ad34ed7ae8c16bf719363e9d3e0288

SHA256
0e59762a47fff3a6c90d18f4293474ec901f6e18ee4b9a3ed73b4aa31434a631

SHA512
e635cd86d8d8af32ceda3c03753739c37289048efb9ea4985455f01dc8f6f341eb477270f6600d8fc49270a5335c00e2b9bf5a4a3e1cdcf6e1fb7aea111ddbe7

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
6a5e65e1369246a62e8a408d10d435de

SHA1
56d1f488a4ad34ed7ae8c16bf719363e9d3e0288

SHA256
0e59762a47fff3a6c90d18f4293474ec901f6e18ee4b9a3ed73b4aa31434a631

SHA512
e635cd86d8d8af32ceda3c03753739c37289048efb9ea4985455f01dc8f6f341eb477270f6600d8fc49270a5335c00e2b9bf5a4a3e1cdcf6e1fb7aea111ddbe7

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
9bedf0de40ee80dd7d5f02e551cf1c58

SHA1
152b6233dbe9282bb37774a692611ed575bb0f03

SHA256
41fe8b523184ac5415254d80d6f8673edf6a26bf3b9201734d1e40109ce5e1f6

SHA512
4a745d8b4a7316200b33211077cfbb135262756127fe1197b3aac31f6e20856acac5c2fed49fb59b8a0ec070be4f382126e6a883f4b07a2078e985374ca81402

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
9bedf0de40ee80dd7d5f02e551cf1c58

SHA1
152b6233dbe9282bb37774a692611ed575bb0f03

SHA256
41fe8b523184ac5415254d80d6f8673edf6a26bf3b9201734d1e40109ce5e1f6

SHA512
4a745d8b4a7316200b33211077cfbb135262756127fe1197b3aac31f6e20856acac5c2fed49fb59b8a0ec070be4f382126e6a883f4b07a2078e985374ca81402

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7A41.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7A41.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7A41.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7A41.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7A41.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
16c961fb3fff4eddc4387e3f4c8f5eb4

SHA1
11c86138168d73284c3a53ff0db28f91da1f57c9

SHA256
44bcd90f16497f002bc90d1819d80c738fe7c895e9b3c7d94a17445c0e6726a4

SHA512
17c1af193043b7998df9289a30193f9a1b1313d8b6fa59273f8c9628d3a134e6d5f7169a0b6efbf541ac26ca1954549019c355b804ac42d329d6d656500e1b89

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
16c961fb3fff4eddc4387e3f4c8f5eb4

SHA1
11c86138168d73284c3a53ff0db28f91da1f57c9

SHA256
44bcd90f16497f002bc90d1819d80c738fe7c895e9b3c7d94a17445c0e6726a4

SHA512
17c1af193043b7998df9289a30193f9a1b1313d8b6fa59273f8c9628d3a134e6d5f7169a0b6efbf541ac26ca1954549019c355b804ac42d329d6d656500e1b89

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
16c961fb3fff4eddc4387e3f4c8f5eb4

SHA1
11c86138168d73284c3a53ff0db28f91da1f57c9

SHA256
44bcd90f16497f002bc90d1819d80c738fe7c895e9b3c7d94a17445c0e6726a4

SHA512
17c1af193043b7998df9289a30193f9a1b1313d8b6fa59273f8c9628d3a134e6d5f7169a0b6efbf541ac26ca1954549019c355b804ac42d329d6d656500e1b89

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
1e544ffd4eaf52aeaccd79f31bac8131

SHA1
438f4a0896ef97dac1e0e9f39a55ff04dcc2f72b

SHA256
a57c5b0ce18cf86a22c78d7b94f37793108c9e6686e38e26146b3d7b2168f294

SHA512
633c893089ca22e16f2ddf0cea0c9e1a00efd622cd61d3bb5fa3dc58bf0ae7f459066d72a478a42c10cccdbf82eac49c4f0c5c7c0681a5d25470d1fc89f75801

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
1e544ffd4eaf52aeaccd79f31bac8131

SHA1
438f4a0896ef97dac1e0e9f39a55ff04dcc2f72b

SHA256
a57c5b0ce18cf86a22c78d7b94f37793108c9e6686e38e26146b3d7b2168f294

SHA512
633c893089ca22e16f2ddf0cea0c9e1a00efd622cd61d3bb5fa3dc58bf0ae7f459066d72a478a42c10cccdbf82eac49c4f0c5c7c0681a5d25470d1fc89f75801

Download Submit
\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
bb5376588f4a4a129fc1ef3d3e9f655a

SHA1
dba19b8067cbd310fa17bbef123b5de797e33e13

SHA256
90788fa79512a8980b1cc2364fd278ae15782a28d4dcc8dc8523760882308ea2

SHA512
feafe064712df9dea3305d59fbc1a2ca6c45dd85f6bf6378f6ef16d58afb0db47f5272328de5579a5f7545d05cbb47645aca559813987e95628726faddd58a0f

Download Submit
\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
6a5e65e1369246a62e8a408d10d435de

SHA1
56d1f488a4ad34ed7ae8c16bf719363e9d3e0288

SHA256
0e59762a47fff3a6c90d18f4293474ec901f6e18ee4b9a3ed73b4aa31434a631

SHA512
e635cd86d8d8af32ceda3c03753739c37289048efb9ea4985455f01dc8f6f341eb477270f6600d8fc49270a5335c00e2b9bf5a4a3e1cdcf6e1fb7aea111ddbe7

Download Submit
\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
9bedf0de40ee80dd7d5f02e551cf1c58

SHA1
152b6233dbe9282bb37774a692611ed575bb0f03

SHA256
41fe8b523184ac5415254d80d6f8673edf6a26bf3b9201734d1e40109ce5e1f6

SHA512
4a745d8b4a7316200b33211077cfbb135262756127fe1197b3aac31f6e20856acac5c2fed49fb59b8a0ec070be4f382126e6a883f4b07a2078e985374ca81402

Download Submit
memory/564-59-0x0000000000000000-mapping.dmp

Download
memory/688-77-0x0000000000000000-mapping.dmp

Download
memory/1028-62-0x0000000000000000-mapping.dmp

Download
memory/1084-87-0x0000000000000000-mapping.dmp

Download
memory/1296-81-0x0000000000000000-mapping.dmp

Download
memory/1328-82-0x0000000000000000-mapping.dmp

Download
memory/1452-71-0x0000000000000000-mapping.dmp

Download
memory/1492-61-0x0000000000000000-mapping.dmp

Download
memory/1652-88-0x0000000000000000-mapping.dmp

Download
memory/1884-64-0x0000000000000000-mapping.dmp

Download
memory/1988-57-0x0000000000000000-mapping.dmp

Download
memory/2044-54-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download
memory/2044-69-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download
memory/2044-58-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download
memory/2044-91-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download