33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379

Analysis

max time kernel
27s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
Size

601KB
MD5

0c98fc03999b343d1601c6feac6e6376
SHA1

59c6859b150f774a2b2134ca9e8c64d84b6662ff
SHA256

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379
SHA512

c0ca12b11e36d04c5dfab7c4a9fdc89b212c0aceeb2988debe604b2f3370ca982b747f4143ecfd69b820508cdf5dee4ab83b0142fd8ae1a975b7cc5a247e3dc2
SSDEEP

12288:tIny5DYTEuwCsxdhJ2laBhrDTe1XFCxGUfzDPJoUYBBm04hxX:5UTEuBsxdhJmuhXT6F4fvxUBm0s

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

description ioc process

File created C:\Windows\system32\drivers\nethfdrv.sys 33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
Executes dropped EXE 5 IoCs

Processes:

installd.exenethtsrv.exenetupdsrv.exenethtsrv.exenetupdsrv.exe

pid process

1724 installd.exe
1116 nethtsrv.exe
300 netupdsrv.exe
1196 nethtsrv.exe
1500 netupdsrv.exe

description	ioc	process
File created	C:\Windows\system32\drivers\nethfdrv.sys	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

pid	process
1724	installd.exe
1116	nethtsrv.exe
300	netupdsrv.exe
1196	nethtsrv.exe
1500	netupdsrv.exe

Loads dropped DLL 13 IoCs

Processes:

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exeinstalld.exenethtsrv.exenethtsrv.exe

pid	process
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1724	installd.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1116	nethtsrv.exe
1116	nethtsrv.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
1196	nethtsrv.exe
1196	nethtsrv.exe
1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

Processes:

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

description	ioc	process
File created	C:\Windows\SysWOW64\hfpapi.dll	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
File created	C:\Windows\SysWOW64\installd.exe	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
File created	C:\Windows\SysWOW64\nethtsrv.exe	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
File created	C:\Windows\SysWOW64\netupdsrv.exe	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
File created	C:\Windows\SysWOW64\hfnapi.dll	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

Drops file in Program Files directory 3 IoCs

Processes:

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Config\data.xml	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
File created	C:\Program Files (x86)\Common Files\Config\ver.xml	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
File created	C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

460
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nethtsrv.exe

description pid process

Token: SeDebugPrivilege 1196 nethtsrv.exe

pid	process
460

description	pid	process
Token: SeDebugPrivilege	1196	nethtsrv.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 1572 wrote to memory of 1820	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 1820	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 1820	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 1820	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1820 wrote to memory of 944	1820	net.exe	net1.exe
PID 1820 wrote to memory of 944	1820	net.exe	net1.exe
PID 1820 wrote to memory of 944	1820	net.exe	net1.exe
PID 1820 wrote to memory of 944	1820	net.exe	net1.exe
PID 1572 wrote to memory of 1644	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 1644	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 1644	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 1644	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1644 wrote to memory of 1548	1644	net.exe	net1.exe
PID 1644 wrote to memory of 1548	1644	net.exe	net1.exe
PID 1644 wrote to memory of 1548	1644	net.exe	net1.exe
PID 1644 wrote to memory of 1548	1644	net.exe	net1.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1724	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	installd.exe
PID 1572 wrote to memory of 1116	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	nethtsrv.exe
PID 1572 wrote to memory of 1116	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	nethtsrv.exe
PID 1572 wrote to memory of 1116	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	nethtsrv.exe
PID 1572 wrote to memory of 1116	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	nethtsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 300	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	netupdsrv.exe
PID 1572 wrote to memory of 268	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 268	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 268	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 268	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 268 wrote to memory of 1400	268	net.exe	net1.exe
PID 268 wrote to memory of 1400	268	net.exe	net1.exe
PID 268 wrote to memory of 1400	268	net.exe	net1.exe
PID 268 wrote to memory of 1400	268	net.exe	net1.exe
PID 1572 wrote to memory of 576	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 576	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 576	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 1572 wrote to memory of 576	1572	33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe	net.exe
PID 576 wrote to memory of 896	576	net.exe	net1.exe
PID 576 wrote to memory of 896	576	net.exe	net1.exe
PID 576 wrote to memory of 896	576	net.exe	net1.exe
PID 576 wrote to memory of 896	576	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe
"C:\Users\Admin\AppData\Local\Temp\33b2ef111d07ebdde2327e58d1a9a7857f363eb0e58febdf1883b7747def0379.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1572

C:\Windows\SysWOW64\net.exe
net stop nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1820

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop nethttpservice
3⤵
PID:944

C:\Windows\SysWOW64\net.exe
net stop serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop serviceupdater
3⤵
PID:1548

C:\Windows\SysWOW64\installd.exe
"C:\Windows\system32\installd.exe" nethfdrv
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1724

C:\Windows\SysWOW64\nethtsrv.exe
"C:\Windows\system32\nethtsrv.exe" -nfdi
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1116

C:\Windows\SysWOW64\netupdsrv.exe
"C:\Windows\system32\netupdsrv.exe" -nfdi
2⤵
- Executes dropped EXE
PID:300

C:\Windows\SysWOW64\net.exe
net start nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:268

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start nethttpservice
3⤵
PID:1400

C:\Windows\SysWOW64\net.exe
net start serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:576

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start serviceupdater
3⤵
PID:896

C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
1⤵
- Executes dropped EXE
PID:1500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
4ab172714360f99110a573e4da2cec8e

SHA1
7b072627e3b6d8a459cf6642cc9c31737cf11575

SHA256
e67f2ac2fb3f10e570c3b6c74f093b3a359a27fccabf6c0a11b68e6b120e1154

SHA512
bb40ce84348c415149e327b7cacbf7bcda6d2929c0d0dffd2116acc0e4064b932611778a692655e8555cbb8c18ea9614ab0d415629c1259e31cf74a1f6786c07

Download Submit
C:\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
8cd41f3343e6842fbd0ca67849f486f5

SHA1
8a817ea184b76fe92a7b9f89b99658f794b72600

SHA256
3b522ee357d970777b4fef32c4c09b5caf1139006151f84dc561856ec3199278

SHA512
a2d4ded3b1c9706c62eed1f98457c35d6d04abfc0e9dea06f8fdd3fa07f576669baf296804c711854735020cd6e20f2a6b11c1e679280c9d2b7c6a6f22e2d223

Download Submit
C:\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
340654e440b02f456666f362152a4236

SHA1
a7d6e6393bae992f2095cf4158b46feab8180527

SHA256
55dad25d6fc07812427758d611b496726e9dccfac55f0115ab39685caa597d1e

SHA512
4b98247a43eab383aea82fca48ae6317cfc7d59ec0d54946cb7e1204d3deab7637d4742a8b1bcbc0c10c6f091c22d3e7fae74517470377938a8ec691200c9abf

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
9ae8c28a051faa09dfd8c144bff7694b

SHA1
4663ba62b7c21ab540c6046531bab1d601147583

SHA256
245fc9a6a5c19c70e4000defad07960857b3d611bacb7e3b09cc47900c528390

SHA512
4d7ec99845770a52b124798d1996e82c84955c16e3de6332aebbe556ee72cbb27767c9cad13d5d07a81f0cddead81c615d4e92baca67024ff0cdbb64c5d0faa3

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
9ae8c28a051faa09dfd8c144bff7694b

SHA1
4663ba62b7c21ab540c6046531bab1d601147583

SHA256
245fc9a6a5c19c70e4000defad07960857b3d611bacb7e3b09cc47900c528390

SHA512
4d7ec99845770a52b124798d1996e82c84955c16e3de6332aebbe556ee72cbb27767c9cad13d5d07a81f0cddead81c615d4e92baca67024ff0cdbb64c5d0faa3

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
0b7c13ae2d349760c6b751c0dd3612f6

SHA1
1e1f714c76d4b121e2c2fc1d27ebf9beffa45a78

SHA256
27ccc8e5353a5078b7ccff0087a03a733b3cbc939a0e926d2d46cebdd72973db

SHA512
0fef525a3cb80ebae7d5b9b9a479875091a234a7d3745fb2012e0c4ddf03ddd39e57a4a756857d5af78aff0d03c5fcf49279309cc4c14557f5303eaca7f3d260

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
0b7c13ae2d349760c6b751c0dd3612f6

SHA1
1e1f714c76d4b121e2c2fc1d27ebf9beffa45a78

SHA256
27ccc8e5353a5078b7ccff0087a03a733b3cbc939a0e926d2d46cebdd72973db

SHA512
0fef525a3cb80ebae7d5b9b9a479875091a234a7d3745fb2012e0c4ddf03ddd39e57a4a756857d5af78aff0d03c5fcf49279309cc4c14557f5303eaca7f3d260

Download Submit
\Users\Admin\AppData\Local\Temp\nsj70EF.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj70EF.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj70EF.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj70EF.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj70EF.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
4ab172714360f99110a573e4da2cec8e

SHA1
7b072627e3b6d8a459cf6642cc9c31737cf11575

SHA256
e67f2ac2fb3f10e570c3b6c74f093b3a359a27fccabf6c0a11b68e6b120e1154

SHA512
bb40ce84348c415149e327b7cacbf7bcda6d2929c0d0dffd2116acc0e4064b932611778a692655e8555cbb8c18ea9614ab0d415629c1259e31cf74a1f6786c07

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
4ab172714360f99110a573e4da2cec8e

SHA1
7b072627e3b6d8a459cf6642cc9c31737cf11575

SHA256
e67f2ac2fb3f10e570c3b6c74f093b3a359a27fccabf6c0a11b68e6b120e1154

SHA512
bb40ce84348c415149e327b7cacbf7bcda6d2929c0d0dffd2116acc0e4064b932611778a692655e8555cbb8c18ea9614ab0d415629c1259e31cf74a1f6786c07

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
4ab172714360f99110a573e4da2cec8e

SHA1
7b072627e3b6d8a459cf6642cc9c31737cf11575

SHA256
e67f2ac2fb3f10e570c3b6c74f093b3a359a27fccabf6c0a11b68e6b120e1154

SHA512
bb40ce84348c415149e327b7cacbf7bcda6d2929c0d0dffd2116acc0e4064b932611778a692655e8555cbb8c18ea9614ab0d415629c1259e31cf74a1f6786c07

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
8cd41f3343e6842fbd0ca67849f486f5

SHA1
8a817ea184b76fe92a7b9f89b99658f794b72600

SHA256
3b522ee357d970777b4fef32c4c09b5caf1139006151f84dc561856ec3199278

SHA512
a2d4ded3b1c9706c62eed1f98457c35d6d04abfc0e9dea06f8fdd3fa07f576669baf296804c711854735020cd6e20f2a6b11c1e679280c9d2b7c6a6f22e2d223

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
8cd41f3343e6842fbd0ca67849f486f5

SHA1
8a817ea184b76fe92a7b9f89b99658f794b72600

SHA256
3b522ee357d970777b4fef32c4c09b5caf1139006151f84dc561856ec3199278

SHA512
a2d4ded3b1c9706c62eed1f98457c35d6d04abfc0e9dea06f8fdd3fa07f576669baf296804c711854735020cd6e20f2a6b11c1e679280c9d2b7c6a6f22e2d223

Download Submit
\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
340654e440b02f456666f362152a4236

SHA1
a7d6e6393bae992f2095cf4158b46feab8180527

SHA256
55dad25d6fc07812427758d611b496726e9dccfac55f0115ab39685caa597d1e

SHA512
4b98247a43eab383aea82fca48ae6317cfc7d59ec0d54946cb7e1204d3deab7637d4742a8b1bcbc0c10c6f091c22d3e7fae74517470377938a8ec691200c9abf

Download Submit
\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
9ae8c28a051faa09dfd8c144bff7694b

SHA1
4663ba62b7c21ab540c6046531bab1d601147583

SHA256
245fc9a6a5c19c70e4000defad07960857b3d611bacb7e3b09cc47900c528390

SHA512
4d7ec99845770a52b124798d1996e82c84955c16e3de6332aebbe556ee72cbb27767c9cad13d5d07a81f0cddead81c615d4e92baca67024ff0cdbb64c5d0faa3

Download Submit
\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
0b7c13ae2d349760c6b751c0dd3612f6

SHA1
1e1f714c76d4b121e2c2fc1d27ebf9beffa45a78

SHA256
27ccc8e5353a5078b7ccff0087a03a733b3cbc939a0e926d2d46cebdd72973db

SHA512
0fef525a3cb80ebae7d5b9b9a479875091a234a7d3745fb2012e0c4ddf03ddd39e57a4a756857d5af78aff0d03c5fcf49279309cc4c14557f5303eaca7f3d260

Download Submit
memory/268-80-0x0000000000000000-mapping.dmp

Download
memory/300-76-0x0000000000000000-mapping.dmp

Download
memory/576-86-0x0000000000000000-mapping.dmp

Download
memory/896-87-0x0000000000000000-mapping.dmp

Download
memory/944-58-0x0000000000000000-mapping.dmp

Download
memory/1116-70-0x0000000000000000-mapping.dmp

Download
memory/1400-81-0x0000000000000000-mapping.dmp

Download
memory/1548-61-0x0000000000000000-mapping.dmp

Download
memory/1572-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1572-62-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download
memory/1572-90-0x0000000000360000-0x00000000007BE000-memory.dmp

Filesize
4.4MB

Download
memory/1644-60-0x0000000000000000-mapping.dmp

Download
memory/1724-64-0x0000000000000000-mapping.dmp

Download
memory/1820-57-0x0000000000000000-mapping.dmp

Download