Analysis
max time kernel: 300s
max time network: 301s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 07-02-2024 20:57
Static task: static1
Behavioral task: behavioral1
Sample: NvSmartMax.rar
Resource: win7-20231215-en
General
Target: NvSmartMax.rar
Size: 146KB
MD5: c56cac95726fd10b5a85be1c87336354
SHA1: b29b5a35c3ecd559047e8477e949ac72e9bdc52d
SHA256: e49e2826c4d9fae960ca6baecd6754400e5da74446c5b511beb15831b42f2b1d
SHA512: d6dd8283320330199e9235e4e8bb2ed7995f5c6cb51a08e2118502660bc8ce29d7490198e1dcba9641b199b8d7f80c1708948230b69392cfd8391c5a7d505ab5
SSDEEP: 3072:MljIdulYQyNl7bAT+JbjClf00YM8SzR1hv0iuzFWC9FnbfztQf:Mj+uqXAT6jClkao5WCrbCf
Malware Config
Signatures
-
Detects PlugX payload 25 IoCs
Executes dropped EXE 3 IoCs
Processes:
pid     process
300     Nv.exe
868     Nv.exe
1332    Nv.exe
Loads dropped DLL 3 IoCs
Processes:
pid     process
300     Nv.exe
868     Nv.exe
1332    Nv.exe
Drops file in System32 directory 1 IoCs
Processes:
description: File opened for modification
ioc: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
process: svchost.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 37 IoCs
Modifies registry class 2 IoCs
Processes:
description: Key created
ioc: \REGISTRY\MACHINE\Software\CLASSES\FAST
process: svchost.exe

description: Set value (data)
ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\FAST\CLSID = 44003700350035003200370035004200340030003300300041003200300031000000
process: svchost.exe
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
Processes:
pid     process
300     Nv.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
pid     process
300     Nv.exe
1400    svchost.exe
432     msiexec.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
pid     process
1400    svchost.exe
432     msiexec.exe
Suspicious use of AdjustPrivilegeToken 16 IoCs
Processes:
description                   pid     process
Token: SeRestorePrivilege     2800    7zFM.exe
Token: 35                     2800    7zFM.exe
Token: SeRestorePrivilege     2940    7zG.exe
Token: 35                     2940    7zG.exe
Token: SeSecurityPrivilege    2940    7zG.exe
Token: SeSecurityPrivilege    2940    7zG.exe
Token: SeDebugPrivilege       300     Nv.exe
Token: SeTcbPrivilege         300     Nv.exe
Token: SeDebugPrivilege       868     Nv.exe
Token: SeTcbPrivilege         868     Nv.exe
Token: SeDebugPrivilege       1332    Nv.exe
Token: SeTcbPrivilege         1332    Nv.exe
Token: SeDebugPrivilege       1400    svchost.exe
Token: SeTcbPrivilege         1400    svchost.exe
Token: SeDebugPrivilege       432     msiexec.exe
Token: SeTcbPrivilege         432     msiexec.exe
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
pid     process
2800    7zFM.exe
2940    7zG.exe
Suspicious use of WriteProcessMemory 28 IoCs
Processes:
description                         pid     process        target process
PID 2772 wrote to memory of 2800    2772    cmd.exe        7zFM.exe
PID 2160 wrote to memory of 300     2160    cmd.exe        Nv.exe
PID 1332 wrote to memory of 1400    1332    Nv.exe         svchost.exe
PID 1400 wrote to memory of 432     1400    svchost.exe    msiexec.exe
Processes
C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\NvSmartMax.rar
  - Suspicious use of WriteProcessMemory
    C:\Program Files\7-Zip\7zFM.exe
      Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NvSmartMax.rar"
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
C:\Program Files\7-Zip\7zG.exe
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap19207:100:7zEvent6980
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
C:\Windows\system32\cmd.exe
  Command line: "C:\Windows\system32\cmd.exe"
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\Nv.exe
      Command line: nv
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: CmdExeWriteProcessMemorySpam
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
C:\ProgramData\SxS\Nv.exe
  Command line: "C:\ProgramData\SxS\Nv.exe" 100 300
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
C:\Windows\SysWOW64\svchost.exe
  Command line: C:\Windows\system32\svchost.exe 201 0
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\msiexec.exe
      Command line: C:\Windows\system32\msiexec.exe 209 1400
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
C:\ProgramData\SxS\Nv.exe
  Command line: "C:\ProgramData\SxS\Nv.exe" 200 0
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\ProgramData\SxS\Nv.exe
Filesize: 35KB
-
C:\ProgramData\SxS\Nv.exe
Filesize: 16KB
-
C:\ProgramData\SxS\Nv.mp3
Filesize: 10KB
-
C:\ProgramData\SxS\Nv.mp3
Filesize: 45KB
-
C:\ProgramData\SxS\NvSmartMax.dll
Filesize: 1KB
-
C:\ProgramData\SxS\bug.log
Filesize: 580B
-
C:\ProgramData\SxS\bug.log
Filesize: 742B
-
C:\Users\Admin\AppData\Local\Temp\Nv.exe
Filesize: 46KB
-
C:\Users\Admin\AppData\Local\Temp\Nv.mp3
Filesize: 120KB
-
C:\Users\Admin\AppData\Local\Temp\NvSmartMax.dll
Filesize: 20KB
-
\ProgramData\SxS\NvSmartMax.dll
Filesize: 5KB