a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf

Analysis

max time kernel
177s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
Size

655KB
MD5

1ad67e5c025f29804d2ce46bf80702eb
SHA1

01938a1cebf56623970c142fd268f0ae4b7d4751
SHA256

a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf
SHA512

6567abb236231cf88b50790afccd85a7c253902048f9c73a4038c450d1a4a0360c0b1208ed9e65da32c71e39cef7d21404d643b33b6c8c8619a56fca57aee80e
SSDEEP

12288:g1wOZa/0i050xeaNz2OJbE7zDWqBg+Jj2YxzzTI7cAoDPFOWlA2:uwEZ50bNzBFE6qBj2YxfgoFOQA2

Score

8^/10

discovery upx

Malware Config

Signatures

Drops file in Drivers directory 43 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\regedit	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\logs	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\regedit	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP1.$$$	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP5.$$$	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.GID	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\control.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.GID	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\regedit	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\ident.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\fullname.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\servers.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\servers.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\mirc.ini	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP3.$$$	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\Ai gasit progrmu`.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\script.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\ident.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\remote.ini	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\Ai gasit progrmu`.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP4.$$$	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\remote.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\nicks.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\download	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\control.ini	rundll.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP6.$$$	rundll.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\remote.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\script.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\fullname.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	C:\windows\SysWOW64\drivers\nVIDIA\dll\TMP2.$$$	rundll.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\mirc.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\nicks.txt	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\sounds	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\script.ini	rundll.exe
File opened for modification	C:\windows\SysWOW64\drivers\nVIDIA\dll\ident.ini	rundll.exe
File created	\??\c:\windows\SysWOW64\drivers\nVIDIA\DLL\control.ini	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe

Executes dropped EXE 2 IoCs

pid	Process
3208	rundll.exe
2824	hex.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4536-132-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4536-136-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Control Panel\International\Geo\Nation	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Control Panel\International\Geo\Nation	rundll.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic	rundll.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "mIRC"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\" -noconnect"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\" -noconnect"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\""	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "mIRC"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"C:\\windows\\SysWOW64\\drivers\\nVIDIA\\dll\\rundll.exe\""	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile"	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec	rundll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1"	rundll.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3208	rundll.exe
3208	rundll.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 3208	4536	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	83
PID 4536 wrote to memory of 3208	4536	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	83
PID 4536 wrote to memory of 3208	4536	a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe	83
PID 3208 wrote to memory of 2824	3208	rundll.exe	84
PID 3208 wrote to memory of 2824	3208	rundll.exe	84
PID 3208 wrote to memory of 2824	3208	rundll.exe	84

C:\Users\Admin\AppData\Local\Temp\a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe
"C:\Users\Admin\AppData\Local\Temp\a4829fa00d9d406e512ee270dc95281ad42144a043e4039f0230e076c0f09dbf.exe"
1⤵
- Drops file in Drivers directory
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4536
- C:\windows\SysWOW64\drivers\nVIDIA\dll\rundll.exe
  "C:\windows\system32\drivers\nVIDIA\dll\rundll.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Checks computer location settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3208
- - C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe
    "C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe" "mIRC DB" /hide
    3⤵
    - Executes dropped EXE
    PID:2824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
C:\Windows\SysWOW64\drivers\nVIDIA\DLL\hex.exe

Filesize
33KB

MD5
00b41a87e536de8908af134692ceadf6

SHA1
0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

SHA256
825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

SHA512
a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

Download Submit
C:\Windows\SysWOW64\drivers\nVIDIA\DLL\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\control.ini

Filesize
42B

MD5
405d882eed0cab5b915aa470a265dcc5

SHA1
7adfa3476bfc1c248619f0f78da6791faa7aa360

SHA256
32680a610219e4de3cdfb104e71a9b3b1c86d3fb6c3f18328e6e161d2e3dff8b

SHA512
03a5ce9a968196c605330e8e41a8df57ff86b1b60b60b38a453c13f469bd372679ff55f325cb336cb9c43db6d15b7554c7474fcc1f7515d8e4ef748d278ee723

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\fullname.txt

Filesize
32B

MD5
6a046eec9915052c59fe9b2381028819

SHA1
929c7037db931b37c427f6c64626d268a173d653

SHA256
9f35112c251b0fe958dc7a7ec25ed784fd94534025c90a4e0565cabd6470b9e3

SHA512
3a99102ece91f9af6a45a364648fbf36aac028d8c5554d8403fd2080967c758c8d6e328d7e908cb1fff5c7c87b26b78e35c9c4594ecc9589b4e88af23118d106

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\ident.ini

Filesize
960B

MD5
f1adedc660661c35aa43d211a5c15252

SHA1
20938582ee10f0e257ce127b3fc53f5d00b47e89

SHA256
ae7244bf927e42501d1286f6533d558ba198f6803dd70ad9dd8904c9ab057a57

SHA512
76f6788ca71adc6b2957359c8f4bfc438ca5531d31dc99514b95bac998d012cfb616d366f22dafc67093797e3e8226e1e34387741bf5d5a258f5e36b9d435767

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\mirc.ini

Filesize
2KB

MD5
162e21bcc1b6e30c78d16345f63f9d2e

SHA1
b5486ec2fd1cbe9d24197d4cc1f975a8cccafb13

SHA256
c544153e9b09b0a0fed728c44dde741338eb00c1b73f9ddcb70e391ae355e574

SHA512
79f9d5256266cc7d1d90a781bbe785b456d97eba1f1a4195601fbbb0f753aff410abf8b71031526accf9b559e7dba34e1361f278cc361dfb5a25757887ef3e1c

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\nicks.txt

Filesize
310B

MD5
77c21627fac0d6b679dbaf341d3b06a3

SHA1
f30b66d0c0d24b9c2e5372040f73c923280e516a

SHA256
818c3b0729028d7708ae824f8e23709f7aaf545c1320d2097c14e4369b9446fe

SHA512
e9c28cf65d08cbd2a34b983ed6683cad98f1fa46871701d808badc419b8f1abaa8fe4bbace363bd85bbbc9d371936c027ad3e090b5445958fb5d62c6bf9e6d58

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\regedit

Filesize
3KB

MD5
53c911eff0af72bfce31c508f79408ff

SHA1
337844bf4bd03a20a73cd4ff8e462500060e4170

SHA256
629909e0fbe0c0994cc3eb97a75e30e8d2f8f17de1b0dc5db183e559974e026e

SHA512
26893e45316f71aca1f81b6868fd75a19774025f94714fa3376b2fa1de3387bba022677f9986054cd5dcb87c5ac7c6c54dff80039c2b372e0a11fd4e34540ecd

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\remote.ini

Filesize
3KB

MD5
cb8e346b1b2241401b05707b3c268a90

SHA1
ccbb761c135f116a38c18afe75367b1dd2191ab0

SHA256
030c6a54aefdc1aab0c8f43b7ffa7c1a2f4a39bd45beb3a65f89ea34f0ca44ab

SHA512
4e5143ab433d1e988a103177380f28298a558a5a9af8f20d4b44b7ffd8109730b8ca432a1368395fd447b8033ae98c8501ad3c6cb8947bbdb3b4f018a917bad0

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\rundll.exe

Filesize
1.6MB

MD5
ab9a199958394051099922b000abafb3

SHA1
9431a53c49a29dd037c4d3d4c04108a05d45d2e2

SHA256
5ee44253114a45d4c659412c94559ff1ddf4c8112102440667a82da3b38fa0ec

SHA512
0cdf5a372a4b3dca2a79384add559e53c0146d8484c16a79af978f1b4ede25ad7de1227e7c20486b90d83a6321337e4350d41030541a2b8bba7e811f86d4f0ba

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\script.ini

Filesize
9KB

MD5
63afa8ee0d880e83a15b85f0dd0dc06e

SHA1
b459309319cfa96bf1ee222c560696dad9c06f85

SHA256
068ec010765d9ececb51f5cdb0d705c5bfa3f03536f12f084f4e24b5c1ac669a

SHA512
eb99ca8722a5a7ff7c4428b55568a6776d716d35fa98270423a037b9fd96106d062250416809f90a29e2b82ec220cf51e550105ddffa9adb98dbd0e3d2c618fa

Download Submit
C:\windows\SysWOW64\drivers\nVIDIA\dll\servers.txt

Filesize
73B

MD5
62f1f41b3833e453cd34c1b5b683b8f2

SHA1
44a03c519b26f84231eddfa2a69f04a3d9d46d77

SHA256
3940ce3dbdad904671a25e4d413422a0c8455f3c29f82980ebf3e1cb912b7731

SHA512
557aae0df618edbe787872c2f603cdcedb1e4987a6ce0fdfdaaa1f319879d013beb47959db2f7cea5bc51c884db8e3dd47ed9214cf454824f7479e498be98d3a

Download Submit
memory/4536-132-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4536-136-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download