1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
Size

558KB
MD5

40f391b2b0941df98ed4878cd092bfc5
SHA1

a2806ba6df98c2e07f5351a4ce95ca3e6031ccb5
SHA256

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2
SHA512

d158e50dc9fdb9aaffff6544122cf4647e45f6475589e4f701994cdb1cfdcb7556ce238978a644ab53e94f87c3fcb9efba87fa2ccd6ab8cf0f289e55563fd8ef
SSDEEP

12288:U2hB6DybfHwyS00VCfvmUulVN+IoVZutqpF1hLTL7DMhn90TgeRQ7CuR5PRK:MDufQ+q+vmxldeZutKhX8n95eRS7

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

description ioc process

File created C:\Windows\system32\drivers\nethfdrv.sys 1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
Executes dropped EXE 5 IoCs

Processes:

installd.exenethtsrv.exenetupdsrv.exenethtsrv.exenetupdsrv.exe

pid process

688 installd.exe
1744 nethtsrv.exe
1156 netupdsrv.exe
1876 nethtsrv.exe
764 netupdsrv.exe

description	ioc	process
File created	C:\Windows\system32\drivers\nethfdrv.sys	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

pid	process
688	installd.exe
1744	nethtsrv.exe
1156	netupdsrv.exe
1876	nethtsrv.exe
764	netupdsrv.exe

Loads dropped DLL 13 IoCs

Processes:

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exeinstalld.exenethtsrv.exenethtsrv.exe

pid	process
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
688	installd.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
1744	nethtsrv.exe
1744	nethtsrv.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
1876	nethtsrv.exe
1876	nethtsrv.exe
1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

Processes:

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

description	ioc	process
File created	C:\Windows\SysWOW64\hfnapi.dll	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
File created	C:\Windows\SysWOW64\hfpapi.dll	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
File created	C:\Windows\SysWOW64\installd.exe	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
File created	C:\Windows\SysWOW64\nethtsrv.exe	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
File created	C:\Windows\SysWOW64\netupdsrv.exe	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

Drops file in Program Files directory 3 IoCs

Processes:

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Config\data.xml	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
File created	C:\Program Files (x86)\Common Files\Config\ver.xml	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
File created	C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

468
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nethtsrv.exe

description pid process

Token: SeDebugPrivilege 1876 nethtsrv.exe

pid	process
468

description	pid	process
Token: SeDebugPrivilege	1876	nethtsrv.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 1368 wrote to memory of 984	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 984	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 984	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 984	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 984 wrote to memory of 1964	984	net.exe	net1.exe
PID 984 wrote to memory of 1964	984	net.exe	net1.exe
PID 984 wrote to memory of 1964	984	net.exe	net1.exe
PID 984 wrote to memory of 1964	984	net.exe	net1.exe
PID 1368 wrote to memory of 392	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 392	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 392	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 392	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 392 wrote to memory of 664	392	net.exe	net1.exe
PID 392 wrote to memory of 664	392	net.exe	net1.exe
PID 392 wrote to memory of 664	392	net.exe	net1.exe
PID 392 wrote to memory of 664	392	net.exe	net1.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 688	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	installd.exe
PID 1368 wrote to memory of 1744	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	nethtsrv.exe
PID 1368 wrote to memory of 1744	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	nethtsrv.exe
PID 1368 wrote to memory of 1744	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	nethtsrv.exe
PID 1368 wrote to memory of 1744	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	nethtsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1156	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	netupdsrv.exe
PID 1368 wrote to memory of 1944	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 1944	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 1944	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 1944	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1944 wrote to memory of 1476	1944	net.exe	net1.exe
PID 1944 wrote to memory of 1476	1944	net.exe	net1.exe
PID 1944 wrote to memory of 1476	1944	net.exe	net1.exe
PID 1944 wrote to memory of 1476	1944	net.exe	net1.exe
PID 1368 wrote to memory of 1824	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 1824	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 1824	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1368 wrote to memory of 1824	1368	1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe	net.exe
PID 1824 wrote to memory of 1012	1824	net.exe	net1.exe
PID 1824 wrote to memory of 1012	1824	net.exe	net1.exe
PID 1824 wrote to memory of 1012	1824	net.exe	net1.exe
PID 1824 wrote to memory of 1012	1824	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe
"C:\Users\Admin\AppData\Local\Temp\1dfaf779c27c149e44360d7da6b6946f07b9790799911aafedfbed60eb19abc2.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SysWOW64\net.exe
net stop nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:984

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop nethttpservice
3⤵
PID:1964

C:\Windows\SysWOW64\net.exe
net stop serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:392

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop serviceupdater
3⤵
PID:664

C:\Windows\SysWOW64\installd.exe
"C:\Windows\system32\installd.exe" nethfdrv
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:688

C:\Windows\SysWOW64\nethtsrv.exe
"C:\Windows\system32\nethtsrv.exe" -nfdi
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1744

C:\Windows\SysWOW64\netupdsrv.exe
"C:\Windows\system32\netupdsrv.exe" -nfdi
2⤵
- Executes dropped EXE
PID:1156

C:\Windows\SysWOW64\net.exe
net start nethttpservice
2⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start nethttpservice
3⤵
PID:1476

C:\Windows\SysWOW64\net.exe
net start serviceupdater
2⤵
- Suspicious use of WriteProcessMemory
PID:1824

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start serviceupdater
3⤵
PID:1012

C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1876

C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
1⤵
- Executes dropped EXE
PID:764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
6f1bbeaaa62cf158d8009e33b0cdc885

SHA1
3d68c631308484107ed001d76a48439cd2f98de4

SHA256
88dcd939d9a33ae0edf263fd9329a8d17ff3a397704f74a68f052e8f5a07ab9d

SHA512
89abad8f2d21b41ee2ea70bb2ae6f981ba4913e11cca52c5a142b5f8dc67b9538025b53625b740af04f26b4e9dc462fc3bcac9e1c36d813ed5e107ab4cc22285

Download Submit
C:\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
27cff0b8edc3b8351f895f653986c15f

SHA1
bfcdab9bfaaa4e9478307997eaa21f68356dec84

SHA256
1f7f00ec062b92c3017661159a31d277edb450d35f788341d8affa0f5d572978

SHA512
849874d8dd3aea6e670855adc84e727aa10d675b78eddbea14be9bdd247d781cbf8067d42c4875775a6609425aff70acc7e6f9a27b29e044dbffcbb1ba64b577

Download Submit
C:\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
6118951131881a6d4b9bbbe981bc02a9

SHA1
d91d6503c3baf50823de2a4c65c425ad9bfaf18f

SHA256
c11faabae8f1480efff8fc29773e30b77ae0b828d2618ddea1c479a1c6e48263

SHA512
1536bd6f7749c8768d3397d1144a46543eab59b800cb22c0d965284939fe9a0853080be5c1d7d0271475d12ddf93e67bb5d11ba3a7ef89c69cc02bf9ba4b1d5a

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
a482d4f4fd6909ee9045ff3f86273f3c

SHA1
253cdaddef439922e999c80d0377d9d30807ae08

SHA256
c634df1453894c4a751f0cf98c5349b34f512add82237888935708436d4eec1d

SHA512
8ca08125062888c9211e7eeb61d392763704f6ee14687f52c93dcd8d879f073b00ee1c98d73c881bbe63b510cdfcee360c9e099c7ce74d6d4e93ed63042b5997

Download Submit
C:\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
a482d4f4fd6909ee9045ff3f86273f3c

SHA1
253cdaddef439922e999c80d0377d9d30807ae08

SHA256
c634df1453894c4a751f0cf98c5349b34f512add82237888935708436d4eec1d

SHA512
8ca08125062888c9211e7eeb61d392763704f6ee14687f52c93dcd8d879f073b00ee1c98d73c881bbe63b510cdfcee360c9e099c7ce74d6d4e93ed63042b5997

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
d67ba907be37dc61914891af00a29443

SHA1
e886508918665f927134a66ca97921ce781ed9eb

SHA256
3d8f2cb8fc3b1743fdfb0a7e5ee9ecbd144dc205d125fada595e456a439e79d9

SHA512
a9cbfb8fef32631444efe99b7153b39ad3f6150e97ed3817b4c472e0ce719bb15712f9fc02b47e0b0c4a096602fedd0bc9fc3e0c1e354e6804fc02c59aa7ebbd

Download Submit
C:\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
d67ba907be37dc61914891af00a29443

SHA1
e886508918665f927134a66ca97921ce781ed9eb

SHA256
3d8f2cb8fc3b1743fdfb0a7e5ee9ecbd144dc205d125fada595e456a439e79d9

SHA512
a9cbfb8fef32631444efe99b7153b39ad3f6150e97ed3817b4c472e0ce719bb15712f9fc02b47e0b0c4a096602fedd0bc9fc3e0c1e354e6804fc02c59aa7ebbd

Download Submit
\Users\Admin\AppData\Local\Temp\nso2C32.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nso2C32.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nso2C32.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nso2C32.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nso2C32.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
6f1bbeaaa62cf158d8009e33b0cdc885

SHA1
3d68c631308484107ed001d76a48439cd2f98de4

SHA256
88dcd939d9a33ae0edf263fd9329a8d17ff3a397704f74a68f052e8f5a07ab9d

SHA512
89abad8f2d21b41ee2ea70bb2ae6f981ba4913e11cca52c5a142b5f8dc67b9538025b53625b740af04f26b4e9dc462fc3bcac9e1c36d813ed5e107ab4cc22285

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
6f1bbeaaa62cf158d8009e33b0cdc885

SHA1
3d68c631308484107ed001d76a48439cd2f98de4

SHA256
88dcd939d9a33ae0edf263fd9329a8d17ff3a397704f74a68f052e8f5a07ab9d

SHA512
89abad8f2d21b41ee2ea70bb2ae6f981ba4913e11cca52c5a142b5f8dc67b9538025b53625b740af04f26b4e9dc462fc3bcac9e1c36d813ed5e107ab4cc22285

Download Submit
\Windows\SysWOW64\hfnapi.dll

Filesize
106KB

MD5
6f1bbeaaa62cf158d8009e33b0cdc885

SHA1
3d68c631308484107ed001d76a48439cd2f98de4

SHA256
88dcd939d9a33ae0edf263fd9329a8d17ff3a397704f74a68f052e8f5a07ab9d

SHA512
89abad8f2d21b41ee2ea70bb2ae6f981ba4913e11cca52c5a142b5f8dc67b9538025b53625b740af04f26b4e9dc462fc3bcac9e1c36d813ed5e107ab4cc22285

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
27cff0b8edc3b8351f895f653986c15f

SHA1
bfcdab9bfaaa4e9478307997eaa21f68356dec84

SHA256
1f7f00ec062b92c3017661159a31d277edb450d35f788341d8affa0f5d572978

SHA512
849874d8dd3aea6e670855adc84e727aa10d675b78eddbea14be9bdd247d781cbf8067d42c4875775a6609425aff70acc7e6f9a27b29e044dbffcbb1ba64b577

Download Submit
\Windows\SysWOW64\hfpapi.dll

Filesize
241KB

MD5
27cff0b8edc3b8351f895f653986c15f

SHA1
bfcdab9bfaaa4e9478307997eaa21f68356dec84

SHA256
1f7f00ec062b92c3017661159a31d277edb450d35f788341d8affa0f5d572978

SHA512
849874d8dd3aea6e670855adc84e727aa10d675b78eddbea14be9bdd247d781cbf8067d42c4875775a6609425aff70acc7e6f9a27b29e044dbffcbb1ba64b577

Download Submit
\Windows\SysWOW64\installd.exe

Filesize
108KB

MD5
6118951131881a6d4b9bbbe981bc02a9

SHA1
d91d6503c3baf50823de2a4c65c425ad9bfaf18f

SHA256
c11faabae8f1480efff8fc29773e30b77ae0b828d2618ddea1c479a1c6e48263

SHA512
1536bd6f7749c8768d3397d1144a46543eab59b800cb22c0d965284939fe9a0853080be5c1d7d0271475d12ddf93e67bb5d11ba3a7ef89c69cc02bf9ba4b1d5a

Download Submit
\Windows\SysWOW64\nethtsrv.exe

Filesize
176KB

MD5
a482d4f4fd6909ee9045ff3f86273f3c

SHA1
253cdaddef439922e999c80d0377d9d30807ae08

SHA256
c634df1453894c4a751f0cf98c5349b34f512add82237888935708436d4eec1d

SHA512
8ca08125062888c9211e7eeb61d392763704f6ee14687f52c93dcd8d879f073b00ee1c98d73c881bbe63b510cdfcee360c9e099c7ce74d6d4e93ed63042b5997

Download Submit
\Windows\SysWOW64\netupdsrv.exe

Filesize
158KB

MD5
d67ba907be37dc61914891af00a29443

SHA1
e886508918665f927134a66ca97921ce781ed9eb

SHA256
3d8f2cb8fc3b1743fdfb0a7e5ee9ecbd144dc205d125fada595e456a439e79d9

SHA512
a9cbfb8fef32631444efe99b7153b39ad3f6150e97ed3817b4c472e0ce719bb15712f9fc02b47e0b0c4a096602fedd0bc9fc3e0c1e354e6804fc02c59aa7ebbd

Download Submit
memory/392-61-0x0000000000000000-mapping.dmp

Download
memory/664-62-0x0000000000000000-mapping.dmp

Download
memory/688-64-0x0000000000000000-mapping.dmp

Download
memory/984-57-0x0000000000000000-mapping.dmp

Download
memory/1012-87-0x0000000000000000-mapping.dmp

Download
memory/1156-76-0x0000000000000000-mapping.dmp

Download
memory/1368-54-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download
memory/1368-59-0x0000000000370000-0x00000000007BE000-memory.dmp

Filesize
4.3MB

Download
memory/1368-90-0x0000000000370000-0x00000000007BE000-memory.dmp

Filesize
4.3MB

Download
memory/1476-81-0x0000000000000000-mapping.dmp

Download
memory/1744-70-0x0000000000000000-mapping.dmp

Download
memory/1824-86-0x0000000000000000-mapping.dmp

Download
memory/1944-80-0x0000000000000000-mapping.dmp

Download
memory/1964-58-0x0000000000000000-mapping.dmp

Download