Malware Analysis Report

2025-04-13 09:53

Sample ID 230717-bgb8wshf49
Target 1497ee62ae8d86dfd030267cf3d29f91.bin
SHA256 73b01fe7662a9d2fdb23b47afb9da661cac7cc0779bb6a5665cd4201aed607c9
Tags
netsupport rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

73b01fe7662a9d2fdb23b47afb9da661cac7cc0779bb6a5665cd4201aed607c9

Threat Level: Known bad

The file 1497ee62ae8d86dfd030267cf3d29f91.bin was found to be: Known bad.

Malicious Activity Summary

netsupport rat

NetSupport

Checks computer location settings

Drops startup file

Loads dropped DLL

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-07-17 01:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-17 01:06

Reported

2023-07-17 01:09

Platform

win7-20230712-en

Max time kernel

136s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe"

Signatures

NetSupport

rat netsupport

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autorunns12.ini.lnk C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe

"C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe"

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

"C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 Dfaiernewa21.com udp
US 8.8.8.8:53 geo.netsupportsoftware.com udp
GB 51.142.119.24:80 geo.netsupportsoftware.com tcp
US 8.8.8.8:53 Dfaiernewa23.com udp
US 8.8.8.8:53 Dfaiernewa21.com udp
US 8.8.8.8:53 Dfaiernewa21.com udp

Files

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICL32.dll

MD5 1274cca13cc5e37ca94d35e5b0673e89
SHA1 a8754c94f88273c304bc45a5afd61a383bb52117
SHA256 cd5510c8bc7ea60be77ad4aab502ee02d871bf4e917aeeb6921c20eebd9693dd
SHA512 52eafa31ee942dc92d0b8f52c12206f6abc1d5fae799b37b371e97c38ce66bd0693263de86b4880748ba1405054701288caf2cd00cd327edc164e1390cf9191c

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICL32.DLL

MD5 1274cca13cc5e37ca94d35e5b0673e89
SHA1 a8754c94f88273c304bc45a5afd61a383bb52117
SHA256 cd5510c8bc7ea60be77ad4aab502ee02d871bf4e917aeeb6921c20eebd9693dd
SHA512 52eafa31ee942dc92d0b8f52c12206f6abc1d5fae799b37b371e97c38ce66bd0693263de86b4880748ba1405054701288caf2cd00cd327edc164e1390cf9191c

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICHEK.DLL

MD5 07b474ab5c503f35873b94cd48d01592
SHA1 e6f699d6c021d9d434cc6a4e68516c4c2ac80ddc
SHA256 c8911c298f860de85037f8634e8539627f5a1c13b1fffe5568d63612e29b9cd4
SHA512 a995b0d1fba6e99dd89afbf5161efc18b0268c001c27155876e642abc8639f79c2c320530039cfa5ec9f6ca10e1d716060b0fb86414245f578f920f11c9bbbc8

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\pcichek.dll

MD5 07b474ab5c503f35873b94cd48d01592
SHA1 e6f699d6c021d9d434cc6a4e68516c4c2ac80ddc
SHA256 c8911c298f860de85037f8634e8539627f5a1c13b1fffe5568d63612e29b9cd4
SHA512 a995b0d1fba6e99dd89afbf5161efc18b0268c001c27155876e642abc8639f79c2c320530039cfa5ec9f6ca10e1d716060b0fb86414245f578f920f11c9bbbc8

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\MSVCR100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\msvcr100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICAPI.dll

MD5 f0d7d2a77eee2b3146405d3ad0d56230
SHA1 37c323faf58584606ee5847cb9a25346c588f78f
SHA256 f043653ab1b8fbe5a33922df5b4fb46797e9694e5fcee807b97cc6aaef650131
SHA512 861258b5b97665f649437fd25aadc5dc66e5bc5a87d7482300f9931810f0d89d0ed9c01890cd038daa7c6d2f1850a3208fc20b3c1dc2e588c7688e228a4baade

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\pcicapi.dll

MD5 f0d7d2a77eee2b3146405d3ad0d56230
SHA1 37c323faf58584606ee5847cb9a25346c588f78f
SHA256 f043653ab1b8fbe5a33922df5b4fb46797e9694e5fcee807b97cc6aaef650131
SHA512 861258b5b97665f649437fd25aadc5dc66e5bc5a87d7482300f9931810f0d89d0ed9c01890cd038daa7c6d2f1850a3208fc20b3c1dc2e588c7688e228a4baade

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.ini

MD5 3f4686b1c2e6d44110bee11e61ee4533
SHA1 ca7d0e453c3ed22235b2d9137ac595c1318bffbe
SHA256 7092327e20574cf9a3c3e90022adee5184b84b8478c8e7cd3f391f76cb4526f2
SHA512 6d3f032d2a286b7505c8777f9efc3feaec293ff8b7ef6ba66c65e368a7843cee2cc0aa29d8efb49fa858fa71ee902d71bdfd3e0218b2fa2c2524d38776ef3ce6

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\NSM.LIC

MD5 1dc87146379e5e3f85fd23b25889ae2a
SHA1 b750c56c757ad430c9421803649acf9acd15a860
SHA256 f7d80e323e7d0ed1e3ddd9b5df08af23dcecb47a3e289314134d4b76b3adcaf2
SHA512 7861abe50eefdf4452e4baacc4b788895610196b387b70ddeab7bc70735391ed0a015f47eada94a368b82f8e5cedb5a2096e624f4a881ff067937ad159e3562c

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\HTCTL32.DLL

MD5 369388ac78ca4ca8a64219cf9aafad4c
SHA1 dfa6c01c55ac799f041c65df9a35aba8cf0d8c2d
SHA256 c76ee648639406c81469772311c39b46042bf1b91e47d9201908f3cf70407f30
SHA512 7d090f033ffc48b870d692877f3804a69dcb1ff61b96936f1ab77bf42b156839bfd787c387bc7d642c732868e3dcd8c0ff3b319f057c0157b5afc6843b302bc5

\Users\Admin\AppData\Roaming\UpdatwinSupp4354\HTCTL32.DLL

MD5 369388ac78ca4ca8a64219cf9aafad4c
SHA1 dfa6c01c55ac799f041c65df9a35aba8cf0d8c2d
SHA256 c76ee648639406c81469772311c39b46042bf1b91e47d9201908f3cf70407f30
SHA512 7d090f033ffc48b870d692877f3804a69dcb1ff61b96936f1ab77bf42b156839bfd787c387bc7d642c732868e3dcd8c0ff3b319f057c0157b5afc6843b302bc5

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-17 01:06

Reported

2023-07-17 01:09

Platform

win10v2004-20230703-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe"

Signatures

NetSupport

rat netsupport

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autorunns12.ini.lnk C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe

"C:\Users\Admin\AppData\Local\Temp\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe"

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

"C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 Dfaiernewa21.com udp
DE 185.212.44.49:1237 Dfaiernewa21.com tcp
US 8.8.8.8:53 geo.netsupportsoftware.com udp
GB 62.172.138.8:80 geo.netsupportsoftware.com tcp
GB 62.172.138.8:80 geo.netsupportsoftware.com tcp
GB 62.172.138.8:80 geo.netsupportsoftware.com tcp
US 8.8.8.8:53 49.44.212.185.in-addr.arpa udp
US 8.8.8.8:53 8.138.172.62.in-addr.arpa udp
US 8.8.8.8:53 76.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICL32.dll

MD5 1274cca13cc5e37ca94d35e5b0673e89
SHA1 a8754c94f88273c304bc45a5afd61a383bb52117
SHA256 cd5510c8bc7ea60be77ad4aab502ee02d871bf4e917aeeb6921c20eebd9693dd
SHA512 52eafa31ee942dc92d0b8f52c12206f6abc1d5fae799b37b371e97c38ce66bd0693263de86b4880748ba1405054701288caf2cd00cd327edc164e1390cf9191c

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\pcichek.dll

MD5 07b474ab5c503f35873b94cd48d01592
SHA1 e6f699d6c021d9d434cc6a4e68516c4c2ac80ddc
SHA256 c8911c298f860de85037f8634e8539627f5a1c13b1fffe5568d63612e29b9cd4
SHA512 a995b0d1fba6e99dd89afbf5161efc18b0268c001c27155876e642abc8639f79c2c320530039cfa5ec9f6ca10e1d716060b0fb86414245f578f920f11c9bbbc8

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICL32.DLL

MD5 1274cca13cc5e37ca94d35e5b0673e89
SHA1 a8754c94f88273c304bc45a5afd61a383bb52117
SHA256 cd5510c8bc7ea60be77ad4aab502ee02d871bf4e917aeeb6921c20eebd9693dd
SHA512 52eafa31ee942dc92d0b8f52c12206f6abc1d5fae799b37b371e97c38ce66bd0693263de86b4880748ba1405054701288caf2cd00cd327edc164e1390cf9191c

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\pcicapi.dll

MD5 f0d7d2a77eee2b3146405d3ad0d56230
SHA1 37c323faf58584606ee5847cb9a25346c588f78f
SHA256 f043653ab1b8fbe5a33922df5b4fb46797e9694e5fcee807b97cc6aaef650131
SHA512 861258b5b97665f649437fd25aadc5dc66e5bc5a87d7482300f9931810f0d89d0ed9c01890cd038daa7c6d2f1850a3208fc20b3c1dc2e588c7688e228a4baade

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\MSVCR100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\msvcr100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICHEK.DLL

MD5 07b474ab5c503f35873b94cd48d01592
SHA1 e6f699d6c021d9d434cc6a4e68516c4c2ac80ddc
SHA256 c8911c298f860de85037f8634e8539627f5a1c13b1fffe5568d63612e29b9cd4
SHA512 a995b0d1fba6e99dd89afbf5161efc18b0268c001c27155876e642abc8639f79c2c320530039cfa5ec9f6ca10e1d716060b0fb86414245f578f920f11c9bbbc8

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\PCICAPI.dll

MD5 f0d7d2a77eee2b3146405d3ad0d56230
SHA1 37c323faf58584606ee5847cb9a25346c588f78f
SHA256 f043653ab1b8fbe5a33922df5b4fb46797e9694e5fcee807b97cc6aaef650131
SHA512 861258b5b97665f649437fd25aadc5dc66e5bc5a87d7482300f9931810f0d89d0ed9c01890cd038daa7c6d2f1850a3208fc20b3c1dc2e588c7688e228a4baade

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\NSM.LIC

MD5 1dc87146379e5e3f85fd23b25889ae2a
SHA1 b750c56c757ad430c9421803649acf9acd15a860
SHA256 f7d80e323e7d0ed1e3ddd9b5df08af23dcecb47a3e289314134d4b76b3adcaf2
SHA512 7861abe50eefdf4452e4baacc4b788895610196b387b70ddeab7bc70735391ed0a015f47eada94a368b82f8e5cedb5a2096e624f4a881ff067937ad159e3562c

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.ini

MD5 3f4686b1c2e6d44110bee11e61ee4533
SHA1 ca7d0e453c3ed22235b2d9137ac595c1318bffbe
SHA256 7092327e20574cf9a3c3e90022adee5184b84b8478c8e7cd3f391f76cb4526f2
SHA512 6d3f032d2a286b7505c8777f9efc3feaec293ff8b7ef6ba66c65e368a7843cee2cc0aa29d8efb49fa858fa71ee902d71bdfd3e0218b2fa2c2524d38776ef3ce6

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\HTCTL32.DLL

MD5 369388ac78ca4ca8a64219cf9aafad4c
SHA1 dfa6c01c55ac799f041c65df9a35aba8cf0d8c2d
SHA256 c76ee648639406c81469772311c39b46042bf1b91e47d9201908f3cf70407f30
SHA512 7d090f033ffc48b870d692877f3804a69dcb1ff61b96936f1ab77bf42b156839bfd787c387bc7d642c732868e3dcd8c0ff3b319f057c0157b5afc6843b302bc5

C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\HTCTL32.DLL

MD5 369388ac78ca4ca8a64219cf9aafad4c
SHA1 dfa6c01c55ac799f041c65df9a35aba8cf0d8c2d
SHA256 c76ee648639406c81469772311c39b46042bf1b91e47d9201908f3cf70407f30
SHA512 7d090f033ffc48b870d692877f3804a69dcb1ff61b96936f1ab77bf42b156839bfd787c387bc7d642c732868e3dcd8c0ff3b319f057c0157b5afc6843b302bc5