7c124fff8438a7ec767f8647c2ab7b3c76de513aa7248566432f14ffc3348a22

Analysis

max time kernel
65s
max time network
73s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
21/03/2023, 11:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driverguide.exe
Size

4.9MB
MD5

78c6ff84ae3e02023285e06d6e44ebb1
SHA1

9c0002276fdc2704d9133066b6969d1d52f87e05
SHA256

7c124fff8438a7ec767f8647c2ab7b3c76de513aa7248566432f14ffc3348a22
SHA512

7874283965739be32344f6024000e6680008051c1656d145d6c2158df1e506bd755bfa5fdb9c4b6b6d300f545e975dd405562c4ba2d7acac7a10d1bdfc9cc00d
SSDEEP

98304:yKpS9BZpykFRYXDA5aKOZJ61Pm87BlnxYqoeut0fF/YxFfFXG329GdFwCOt:yKpS9Byk40joEMeBlxit8F+W32Id+L

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	drvgdtk2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	drvgdtk2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	drvgdtk2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	drvgdtk2.exe

Executes dropped EXE 4 IoCs

pid	Process
708	drvgdtk2.exe
424	drvgdtk2.exe
2360	drvgdtk2.exe
1620	drvgdtk2.exe

Loads dropped DLL 8 IoCs

pid	Process
2148	driverguide.exe
2148	driverguide.exe
2148	driverguide.exe
2148	driverguide.exe
2148	driverguide.exe
2148	driverguide.exe
2148	driverguide.exe
2148	driverguide.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wbem\wbemdisp.tlb	driverguide.exe
File created	C:\Windows\SysWOW64\MSCOMCTL.OCX	driverguide.exe
File created	C:\Windows\SysWOW64\SHELLLNK.TLB	driverguide.exe
File created	C:\Windows\SysWOW64\msvbvm60.dll	driverguide.exe
File created	C:\Windows\SysWOW64\scrrun.dll	driverguide.exe
File created	C:\Windows\SysWOW64\shfolder.dll	driverguide.exe
File created	C:\Windows\SysWOW64\stdole2.tlb	driverguide.exe

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DriverGuide Toolkit\header_left.jpg	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\license.txt	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\unknown.dat	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.DockingPane.v10.4.0.ocx	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.PropertyGrid.v10.4.0.ocx	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.TaskPanel.v10.4.0.ocx	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\in_toolkit.gif	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\index.html	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\Uninstall.exe	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\MyUpdates_Windowless.exe	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.ReportControl.v10.4.0.ocx	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.CommandBars.v10.4.0.ocx	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\common.dat	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\footer_left.gif	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\footer_middle.gif	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\footer_right.gif	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\header_middle.jpg	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\header_right.jpg	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\msxml3sp2cab.exe	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.chm	driverguide.exe
File created	C:\Program Files (x86)\DriverGuide Toolkit\toolkit_widget.gif	driverguide.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E35E103-97D0-43D4-BEE8-9E2511D89F64}	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5B44EC52-B95B-45CF-98FF-A49DFEED5A92}\a.4\FLAGS\ = "2"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{52B52C01-DF37-4943-A1F5-C25E673E385C}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Codejock.DockingPane.10.4	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSCOMCTL.OCX"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D0D757C4-2BEC-4345-9B2B-D4E5CA2041ED}	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADD113E7-46A4-4F99-83D8-C6D3C2B390FC}\ = "IRibbonBar"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9D51394-EC72-4E46-B453-A01E00457BFA}	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DB2EAA7-60D3-4529-9973-3DEFE0F4ECC6}\ = "ITaskPanelItem"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FBA49F02-30A2-44EC-80AB-2ED11DD3D998}\TypeLib	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\MiscStatus	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.Encoder\CLSID	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}\TypeLib	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04DD39EA-6750-4257-A80A-A33F44022395}\TypeLib\Version = "a.4"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5989CE5-E015-4F87-885D-DE3326A63BEA}\TypeLib\Version = "a.4"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD4E1BEC-279F-453A-8384-B9A2624BDA42}	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABBB9842-AE6D-46A8-BC77-CEE7D5CE9ED7}\TypeLib\Version = "a.4"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Codejock.TaskPanel.10.4	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A56F6C0F-BCC7-48A0-B69E-6DD726B9B309}\ = "PropExchange"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABC0C93B-61BC-4172-893C-CD3463CF2E01}\ProxyStubClsid32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Slider\ = "Microsoft Slider Control 6.0 (SP6)"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\ToolboxBitmap32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{766D57B8-F13D-483A-9BC8-356EB27078D2}\InprocServer32\ = "C:\\PROGRA~2\\DRIVER~1\\bin\\CODEJO~1.OCX"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFD64203-6A02-4F8B-878B-9E4B145D18A4}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7A26CF2-EA27-4F14-ACF4-BB21467612F7}\TypeLib\Version = "a.4"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4CB4E8F5-431E-4205-8436-144ACEEB0689}\Control	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8AE06900-0154-4A7F-BE36-82F6453CAE51}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1935891D-B4E9-45C7-AAF6-EF340E785590}\TypeLib\ = "{555E8FCC-830E-45CC-AF00-A012D5AE7451}"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDD39EA-6750-4257-A80A-A33F44022395}\ProxyStubClsid32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87BCC77-27BF-4CB1-9ABF-1788D9835223}\TypeLib\Version = "a.4"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B4568A35-789A-40D9-B564-7577DA549319}\TypeLib\ = "{555E8FCC-830E-45CC-AF00-A012D5AE7451}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2B69783D-A5D8-4569-8690-592295C5583A}\ = "StatusBarPane"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7A26CF2-EA27-4F14-ACF4-BB21467612F7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A56F6C0F-BCC7-48A0-B69E-6DD726B9B309}\TypeLib\ = "{7CAC59E5-B703-4CCF-B326-8B956D962F27}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E17BCC77-27BF-4CB1-9ABF-1788D9835223}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\MSCOMCTL.OCX, 10"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{844F2F9C-32FE-4CB3-AC1A-61C73E69D69C}	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEC5479A-9E07-4079-924A-4CB1C11FC700}\ = "ICommandBarAction"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4568A35-789A-40D9-B564-7577DA549319}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BEBCFF31-D2EF-4119-BBBB-8314B5794E11}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7CAC59E5-B703-4CCF-B326-8B956D962F27}\a.4\FLAGS\ = "2"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8AE06900-0154-4A7F-BE36-82F6453CAE51}\ToolboxBitmap32	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEC5479A-9E07-4079-924A-4CB1C11FC700}\TypeLib\ = "{555E8FCC-830E-45CC-AF00-A012D5AE7451}"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E17BCC77-27BF-4CB1-9ABF-1788D9835223}	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4BA5027-B4A5-492F-ADA0-56E1B0772A53}\ = "IReportColumn"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl\ = "Microsoft StatusBar Control 6.0 (SP6)"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3B3E592-E0F3-48CF-BD1D-5305A4F46C99}\TypeLib	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\ = "INode"	driverguide.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\ = "IListItem"	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5989CE5-E015-4F87-885D-DE3326A63BEA}\ProxyStubClsid32	driverguide.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	driverguide.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	424	drvgdtk2.exe
Token: SeIncBasePriorityPrivilege	424	drvgdtk2.exe
Token: 33	424	drvgdtk2.exe
Token: SeIncBasePriorityPrivilege	424	drvgdtk2.exe
Token: 33	1620	drvgdtk2.exe
Token: SeIncBasePriorityPrivilege	1620	drvgdtk2.exe
Token: 33	1620	drvgdtk2.exe
Token: SeIncBasePriorityPrivilege	1620	drvgdtk2.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 708	2148	driverguide.exe	66
PID 2148 wrote to memory of 708	2148	driverguide.exe	66
PID 2148 wrote to memory of 708	2148	driverguide.exe	66
PID 708 wrote to memory of 424	708	drvgdtk2.exe	67
PID 708 wrote to memory of 424	708	drvgdtk2.exe	67
PID 708 wrote to memory of 424	708	drvgdtk2.exe	67
PID 708 wrote to memory of 424	708	drvgdtk2.exe	67
PID 708 wrote to memory of 424	708	drvgdtk2.exe	67
PID 2360 wrote to memory of 1620	2360	drvgdtk2.exe	72
PID 2360 wrote to memory of 1620	2360	drvgdtk2.exe	72
PID 2360 wrote to memory of 1620	2360	drvgdtk2.exe	72
PID 2360 wrote to memory of 1620	2360	drvgdtk2.exe	72
PID 2360 wrote to memory of 1620	2360	drvgdtk2.exe	72

C:\Users\Admin\AppData\Local\Temp\driverguide.exe
"C:\Users\Admin\AppData\Local\Temp\driverguide.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe
  "C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:708
- - C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe
    "C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe"
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:424

C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe
"C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe
  "C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe"
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1620

Network

DNS

86.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.8.109.52.in-addr.arpa

IN PTR

Response

51.132.193.104:443

322 B
7
209.197.3.8:80

322 B
7

8.8.8.8:53

86.8.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.8.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe

Filesize
901KB

MD5
0c6171a8347ea92f0012fdb397332608

SHA1
37a2de124f1ceeb6cb884dcfbefe05167e99b385

SHA256
aaf282eb9deb547b5f4954d047cd5ed1ae51685276c182853b1f19a1ea4e48fe

SHA512
e9cc53b49e2f560f105425d683432c6e4fd25fb09aab91ccb5a97ed6dd6ef6ee7f178fb93f533238ed7b94043bc6d8f1f5bb078fa2859d8baad009a652f7a50b

Download Submit
C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe

Filesize
901KB

MD5
0c6171a8347ea92f0012fdb397332608

SHA1
37a2de124f1ceeb6cb884dcfbefe05167e99b385

SHA256
aaf282eb9deb547b5f4954d047cd5ed1ae51685276c182853b1f19a1ea4e48fe

SHA512
e9cc53b49e2f560f105425d683432c6e4fd25fb09aab91ccb5a97ed6dd6ef6ee7f178fb93f533238ed7b94043bc6d8f1f5bb078fa2859d8baad009a652f7a50b

Download Submit
C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe

Filesize
901KB

MD5
0c6171a8347ea92f0012fdb397332608

SHA1
37a2de124f1ceeb6cb884dcfbefe05167e99b385

SHA256
aaf282eb9deb547b5f4954d047cd5ed1ae51685276c182853b1f19a1ea4e48fe

SHA512
e9cc53b49e2f560f105425d683432c6e4fd25fb09aab91ccb5a97ed6dd6ef6ee7f178fb93f533238ed7b94043bc6d8f1f5bb078fa2859d8baad009a652f7a50b

Download Submit
C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe

Filesize
901KB

MD5
0c6171a8347ea92f0012fdb397332608

SHA1
37a2de124f1ceeb6cb884dcfbefe05167e99b385

SHA256
aaf282eb9deb547b5f4954d047cd5ed1ae51685276c182853b1f19a1ea4e48fe

SHA512
e9cc53b49e2f560f105425d683432c6e4fd25fb09aab91ccb5a97ed6dd6ef6ee7f178fb93f533238ed7b94043bc6d8f1f5bb078fa2859d8baad009a652f7a50b

Download Submit
C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe

Filesize
901KB

MD5
0c6171a8347ea92f0012fdb397332608

SHA1
37a2de124f1ceeb6cb884dcfbefe05167e99b385

SHA256
aaf282eb9deb547b5f4954d047cd5ed1ae51685276c182853b1f19a1ea4e48fe

SHA512
e9cc53b49e2f560f105425d683432c6e4fd25fb09aab91ccb5a97ed6dd6ef6ee7f178fb93f533238ed7b94043bc6d8f1f5bb078fa2859d8baad009a652f7a50b

Download Submit
C:\Program Files (x86)\DriverGuide Toolkit\drvgdtk2.exe

Filesize
901KB

MD5
0c6171a8347ea92f0012fdb397332608

SHA1
37a2de124f1ceeb6cb884dcfbefe05167e99b385

SHA256
aaf282eb9deb547b5f4954d047cd5ed1ae51685276c182853b1f19a1ea4e48fe

SHA512
e9cc53b49e2f560f105425d683432c6e4fd25fb09aab91ccb5a97ed6dd6ef6ee7f178fb93f533238ed7b94043bc6d8f1f5bb078fa2859d8baad009a652f7a50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc675B.tmp\InstallOptions.dll

Filesize
14KB

MD5
79be350c8381293abb045bbd2a7b5f0a

SHA1
0b4e6d482cae461e36c2b47661ef586545162e23

SHA256
3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51

SHA512
1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc675B.tmp\ioSpecial.ini

Filesize
706B

MD5
1f5e77fbfbeee542459b5b17f1e34117

SHA1
06cdcb1e7696c39fb9c000742357b8357dbf0240

SHA256
8fe4ceeb2e53da012bf84e4678bb04605b5008c1a13f3fd71c0cf72bfed604ba

SHA512
9888ee61b12875ca300d90772d9be87ed1e4d754ddbc05997454c23100b7bcd84aa1a381ee899813dc92657844f0852fcc0252eb129e04ea8233e75b565c4afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc675B.tmp\ioSpecial.ini

Filesize
673B

MD5
03272cf0701091c675059e4eacdaa9da

SHA1
1b1755eef1ec92f3590c283ee6d408eb0f22fb13

SHA256
bbfc370438d8323acf4de4980cfd630a764541f795628d16c506c33595cf89a4

SHA512
19a3529222769106c6e14085d25162b2b66c4774d011d3b74f284d5ae52bd61b946b571da8b14de59869b4923c7eb8de6e8716119f720b5607f6da892d2dd095

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc675B.tmp\ioSpecial.ini

Filesize
896B

MD5
3fce943edeb9ccb43a429a6c67d00e84

SHA1
53f0826192e13a6229dfdb43a4980aa92bbf7592

SHA256
a1226e060eed2afd21e784c790072859446c4557199bbcf0b0e3646d7f5ce706

SHA512
250bd2cd1a3db4df3056beb739ef6ee48f17273a9dce4fcbf755c355da19d49df68f485b6f0d757265d8fdcfdc219d889bb90a792ecbf8aa15adfbbea9e93efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc675B.tmp\ioSpecial.ini

Filesize
896B

MD5
3fce943edeb9ccb43a429a6c67d00e84

SHA1
53f0826192e13a6229dfdb43a4980aa92bbf7592

SHA256
a1226e060eed2afd21e784c790072859446c4557199bbcf0b0e3646d7f5ce706

SHA512
250bd2cd1a3db4df3056beb739ef6ee48f17273a9dce4fcbf755c355da19d49df68f485b6f0d757265d8fdcfdc219d889bb90a792ecbf8aa15adfbbea9e93efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc675B.tmp\ioSpecial.ini

Filesize
935B

MD5
00102e0e9b6bb50d1165a0da75fa17f6

SHA1
0f3a29a874a37f605363387efbd39149735dbb4b

SHA256
c9672fc4f1f526a6ceec626b7046b6bb289df316eca322b3276ea1ac7929f35e

SHA512
a2e80c01cf796555b35c82fef2ce1ec1508646fa17e00faefcf5eaf6dbb09012e45cb8e40be3a9b756bc332c372f324fc2b34904c39f474f9926935952812c6a

Download Submit
\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.CommandBars.v10.4.0.ocx

Filesize
1.6MB

MD5
74e6b7174148e9e84105e5275507bdf8

SHA1
165eae4a613b90c4f7d3625377d11b03ce174111

SHA256
af9f2ba84d0fbf9a9079279168c6e3158d3ad8e10409735fae79721ebb1e5fee

SHA512
434b54b2e38190945ba8d09283344858994b37a7ec25eaf458eccccd917fe68a50c27d15104c81ff65322c3221fc37bd7310202acfc410087bae41b0428ab404

Download Submit
\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.DockingPane.v10.4.0.ocx

Filesize
698KB

MD5
55263a9ae7fbde2cec0a2d01c3e26434

SHA1
bee46b9b49fc1c032ddd98565ead57d2195d33f1

SHA256
77af212d2d70ab1ccd6bd0b53ea89a76c9233b16ebc606da950d3de7f4a50a1a

SHA512
9df65d2911ba479238865ba783308417f432d6d286dd5c7e06ddbe069d42ca05e4231708b09ad0ad013c27222a5aeffd835b61762e2c00183a0dbdb3e8988415

Download Submit
\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.PropertyGrid.v10.4.0.ocx

Filesize
502KB

MD5
9482b5292adad78299ed19d41bf0838b

SHA1
700badf1445171c46a03933b232df2443764bdb9

SHA256
2b97e4f315f810feb19affb30b2c6442afcfe877f8460c53af4de501b1dbbe98

SHA512
3ff798caec04bc02d8811f9696576747e9fe135be6083e9ce5d2af84fbfe632f6b7f792b4ae6970f28b8417b12a35ac3093a3c495d22499c5142e3accf60c4ca

Download Submit
\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.ReportControl.v10.4.0.ocx

Filesize
602KB

MD5
5f7a2e34170f51c8df47301741611e82

SHA1
5de4622b58355c202d9f4f080b8818588491e628

SHA256
dfbdb9996d72b58ef6eec4a88e709ec0f8e66bb8e2477c0d04bad90faa79eb25

SHA512
4bd56e1e59ba49bb42e3ee4362919453381b1fe815311f2440f3988dbbb2a7e910b5f97e955733f8bf3c96a5665b39ffd4bf5eb1a9fc0341cae6046d2d53f2b1

Download Submit
\Program Files (x86)\DriverGuide Toolkit\bin\Codejock.TaskPanel.v10.4.0.ocx

Filesize
462KB

MD5
d2c08998cf5ab6217a0dabd7d85d7ac6

SHA1
6294060c38d583a9a647c41ccbf7da86045127d4

SHA256
4a2acf0e52bd74bfb71b3b7b3ceba9b7f0183c4c2024afab9155e98f5d74b634

SHA512
42596f53286a35064578b03b00b213af9dfb911b1e476596cedb0e893796a6ab12c8f20d27e3dc328d8e4f6202240a57b4d380366cfe0821880b3fa357397437

Download Submit
\Users\Admin\AppData\Local\Temp\nsc675B.tmp\InstallOptions.dll

Filesize
14KB

MD5
79be350c8381293abb045bbd2a7b5f0a

SHA1
0b4e6d482cae461e36c2b47661ef586545162e23

SHA256
3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51

SHA512
1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28

Download Submit
\Users\Admin\AppData\Local\Temp\nsc675B.tmp\InstallOptions.dll

Filesize
14KB

MD5
79be350c8381293abb045bbd2a7b5f0a

SHA1
0b4e6d482cae461e36c2b47661ef586545162e23

SHA256
3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51

SHA512
1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28

Download Submit
\Windows\SysWOW64\MSCOMCTL.OCX

Filesize
1.0MB

MD5
ecc7d7f0d3446de36045d1d9e964fafe

SHA1
da6b0ec081d628c33b150327f3bd16d3b7fa4729

SHA256
bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4

SHA512
443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632

Download Submit
memory/424-428-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/424-426-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/424-424-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/424-418-0x00000000020C0000-0x0000000002109000-memory.dmp

Filesize
292KB

Download
memory/708-425-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/708-427-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/708-422-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/1620-431-0x00000000007C0000-0x0000000000809000-memory.dmp

Filesize
292KB

Download
memory/1620-437-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/1620-440-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/2360-436-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download
memory/2360-439-0x0000000000400000-0x00000000006E2000-memory.dmp

Filesize
2.9MB

Download