a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
Size

655KB
MD5

1ad67e5c025f29804d2ce46bf80702eb
SHA1

01938a1cebf56623970c142fd268f0ae4b7d4751
SHA256

a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf
SHA512

6567abb236231cf88b50790afccd85a7c253902048f9c73a4038c450d1a4a0360c0b1208ed9e65da32c71e39cef7d21404d643b33b6c8c8619a56fca57aee80e
SSDEEP

12288:g1wOZa/0i050xeaNz2OJbE7zDWqBg+Jj2YxzzTI7cAoDPFOWlA2:uwEZ50bNzBFE6qBj2YxfgoFOQA2

Score

8^/10

discovery upx

Malware Config

Signatures

Drops file in Drivers directory 43 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\regedit	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\servers.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\regedit	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP2.$$$	rundll.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.GID	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\download	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP3.$$$	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP4.$$$	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP6.$$$	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\Ai gasit progrmu`.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\regedit	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\fullname.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\script.ini	rundll.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\control.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\sounds	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\servers.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\Ai gasit progrmu`.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.GID	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\nicks.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\mirc.ini	rundll.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\control.ini	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP1.$$$	rundll.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\script.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\ident.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\logs	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP5.$$$	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\control.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\nicks.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\ident.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\fullname.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\script.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\remote.ini	rundll.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\ident.ini	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\remote.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\remote.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe

Executes dropped EXE 2 IoCs

pid	Process
1628	rundll.exe
1616	hex.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/560-55-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/560-61-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Loads dropped DLL 11 IoCs

pid	Process
560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
1628	rundll.exe
1628	rundll.exe
1628	rundll.exe
1628	rundll.exe
1628	rundll.exe
1628	rundll.exe
1616	hex.exe
1616	hex.exe
1616	hex.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\" -noconnect"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\" -noconnect"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "mIRC"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1"	rundll.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\""	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\""	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "mIRC"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat	rundll.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
Token: SeBackupPrivilege	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1628	rundll.exe
1628	rundll.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 560 wrote to memory of 1628	560	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	28
PID 1628 wrote to memory of 1616	1628	rundll.exe	29
PID 1628 wrote to memory of 1616	1628	rundll.exe	29
PID 1628 wrote to memory of 1616	1628	rundll.exe	29
PID 1628 wrote to memory of 1616	1628	rundll.exe	29
PID 1628 wrote to memory of 1616	1628	rundll.exe	29
PID 1628 wrote to memory of 1616	1628	rundll.exe	29
PID 1628 wrote to memory of 1616	1628	rundll.exe	29

C:\Users\Admin\AppData\Local\Temp\a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
"C:\Users\Admin\AppData\Local\Temp\a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:560
- C:\windows\SysWOW64\drivers\nVIDIA\dll\rundll.exe
  "C:\windows\system32\drivers\nVIDIA\dll\rundll.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe
    "C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe" "mIRC DB" /hide
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1616

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
C:\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\control.ini

Filesize
42B

MD5
405d882eed0cab5b915aa470a265dcc5

SHA1
7adfa3476bfc1c248619f0f78da6791faa7aa360

SHA256
32680a610219e4de3cdfb104e71a9b3b1c86d3fb6c3f18328e6e161d2e3dff8b

SHA512
03a5ce9a968196c605330e8e41a8df57ff86b1b60b60b38a453c13f469bd372679ff55f325cb336cb9c43db6d15b7554c7474fcc1f7515d8e4ef748d278ee723

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\fullname.txt

Filesize
32B

MD5
6a046eec9915052c59fe9b2381028819

SHA1
929c7037db931b37c427f6c64626d268a173d653

SHA256
9f35112c251b0fe958dc7a7ec25ed784fd94534025c90a4e0565cabd6470b9e3

SHA512
3a99102ece91f9af6a45a364648fbf36aac028d8c5554d8403fd2080967c758c8d6e328d7e908cb1fff5c7c87b26b78e35c9c4594ecc9589b4e88af23118d106

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\ident.ini

Filesize
960B

MD5
f1adedc660661c35aa43d211a5c15252

SHA1
20938582ee10f0e257ce127b3fc53f5d00b47e89

SHA256
ae7244bf927e42501d1286f6533d558ba198f6803dd70ad9dd8904c9ab057a57

SHA512
76f6788ca71adc6b2957359c8f4bfc438ca5531d31dc99514b95bac998d012cfb616d366f22dafc67093797e3e8226e1e34387741bf5d5a258f5e36b9d435767

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\mirc.ini

Filesize
2KB

MD5
6353a6f5f11f6d016a615b106b514c0d

SHA1
86926ad9e754ded3e1769d7a102d83a650e52024

SHA256
e17abf84c563ee7f2d0f4f9a7129afc6b20a2f34c9796e88140ee6df6d35e914

SHA512
b44d520fc841123943c4d173cc2b03234611f5563ba8ba07033c742d7840ec4fba3f6e6a54eea25ab76a0ee9db475858beb46fa93870808f5e7a979d201cc877

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\nicks.txt

Filesize
310B

MD5
77c21627fac0d6b679dbaf341d3b06a3

SHA1
f30b66d0c0d24b9c2e5372040f73c923280e516a

SHA256
818c3b0729028d7708ae824f8e23709f7aaf545c1320d2097c14e4369b9446fe

SHA512
e9c28cf65d08cbd2a34b983ed6683cad98f1fa46871701d808badc419b8f1abaa8fe4bbace363bd85bbbc9d371936c027ad3e090b5445958fb5d62c6bf9e6d58

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\regedit

Filesize
3KB

MD5
46e34bd5750a83257ea3124c76ab3553

SHA1
d92f3953a001cd9e708b79e92774942747de25b7

SHA256
0e94b60a45062a567f1155583c7738b140323b1501089654b616b9334507ff35

SHA512
fa2ca96f1c89df3d82e83bfa152d3b957ea0e24c374871ba8d26ae0dced1bfd2e92905420d7c7b2f63a6bcfd2c241b004f035e5fb96d60067efab0f9f54205ba

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\remote.ini

Filesize
3KB

MD5
cb8e346b1b2241401b05707b3c268a90

SHA1
ccbb761c135f116a38c18afe75367b1dd2191ab0

SHA256
030c6a54aefdc1aab0c8f43b7ffa7c1a2f4a39bd45beb3a65f89ea34f0ca44ab

SHA512
4e5143ab433d1e988a103177380f28298a558a5a9af8f20d4b44b7ffd8109730b8ca432a1368395fd447b8033ae98c8501ad3c6cb8947bbdb3b4f018a917bad0

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\script.ini

Filesize
9KB

MD5
63afa8ee0d880e83a15b85f0dd0dc06e

SHA1
b459309319cfa96bf1ee222c560696dad9c06f85

SHA256
068ec010765d9ececb51f5cdb0d705c5bfa3f03536f12f084f4e24b5c1ac669a

SHA512
eb99ca8722a5a7ff7c4428b55568a6776d716d35fa98270423a037b9fd96106d062250416809f90a29e2b82ec220cf51e550105ddffa9adb98dbd0e3d2c618fa

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\servers.txt

Filesize
73B

MD5
62f1f41b3833e453cd34c1b5b683b8f2

SHA1
44a03c519b26f84231eddfa2a69f04a3d9d46d77

SHA256
3940ce3dbdad904671a25e4d413422a0c8455f3c29f82980ebf3e1cb912b7731

SHA512
557aae0df618edbe787872c2f603cdcedb1e4987a6ce0fdfdaaa1f319879d013beb47959db2f7cea5bc51c884db8e3dd47ed9214cf454824f7479e498be98d3a

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
memory/560-61-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/560-62-0x00000000002C0000-0x00000000002CD000-memory.dmp

Filesize
52KB

Download
memory/560-54-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/560-56-0x00000000002C0000-0x00000000002E3000-memory.dmp

Filesize
140KB

Download
memory/560-55-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download