Vulnerable Driver Load By Name

Severity: low
Author: Nasreddine Bencherchali (Nextron Systems)
Source: upstream

Detects the loading of known vulnerable drivers by matching the driver's file name.

MITRE ATT&CK coverage

| Tactic | Techniques |
|---|---|
| Persistence | T1543.003 Create or Modify System Process: Windows Service |
| Privilege Escalation | T1068 Exploitation for Privilege Escalation, T1543.003 Create or Modify System Process: Windows Service |

Event coverage

| Provider | Event ID | Title |
|---|---|---|
| Sysmon | 6 | Driver loaded |

Stages and Predicates

Stage 1: selection

or:
ImageLoaded|endswith: '\1.sys'
ImageLoaded|endswith: '\80.sys'
ImageLoaded|endswith: '\81.sys'
ImageLoaded|endswith: '\adv64drv.sys'
ImageLoaded|endswith: '\agent64.sys'
ImageLoaded|endswith: '\alsysio64.sys'
ImageLoaded|endswith: '\amdpowerprofiler.sys'
ImageLoaded|endswith: '\amdryzenmasterdriver.sys'
ImageLoaded|endswith: '\amifldrv64.sys'
ImageLoaded|endswith: '\amigendrv64.sys'
ImageLoaded|endswith: '\amp.sys'
ImageLoaded|endswith: '\amsdk.sys'
ImageLoaded|endswith: '\aoddriver.sys'
ImageLoaded|endswith: '\asio.sys'
ImageLoaded|endswith: '\asio32.sys'
ImageLoaded|endswith: '\asio64.sys'
ImageLoaded|endswith: '\asmio64.sys'
ImageLoaded|endswith: '\asmmap64.sys'
ImageLoaded|endswith: '\asrautochkupddrv.sys'
ImageLoaded|endswith: '\asrdrv10.sys'
ImageLoaded|endswith: '\asrdrv101.sys'
ImageLoaded|endswith: '\asrdrv102.sys'
ImageLoaded|endswith: '\asrdrv103.sys'
ImageLoaded|endswith: '\asrdrv104.sys'
ImageLoaded|endswith: '\asrdrv106.sys'
ImageLoaded|endswith: '\asribdrv.sys'
ImageLoaded|endswith: '\asromgdrv.sys'
ImageLoaded|endswith: '\asrrapidstartdrv.sys'
ImageLoaded|endswith: '\asrsetupdrv103.sys'
ImageLoaded|endswith: '\asrsmartconnectdrv.sys'
ImageLoaded|endswith: '\asupio.sys'
ImageLoaded|endswith: '\asupio64.sys'
ImageLoaded|endswith: '\aswarpot.sys'
ImageLoaded|endswith: '\aswvmm.sys'
ImageLoaded|endswith: '\atillk64.sys'
ImageLoaded|endswith: '\atlaccess.sys'
ImageLoaded|endswith: '\atszio.sys'
ImageLoaded|endswith: '\atszio64.sys'
ImageLoaded|endswith: '\avalueio.sys'
ImageLoaded|endswith: '\b.sys'
ImageLoaded|endswith: '\b1.sys'
ImageLoaded|endswith: '\b3.sys'
ImageLoaded|endswith: '\b4.sys'
ImageLoaded|endswith: '\bandai.sys'
ImageLoaded|endswith: '\bedaisy.sys'
ImageLoaded|endswith: '\black.sys'
ImageLoaded|endswith: '\blackbonedrv10.sys'
ImageLoaded|endswith: '\bs_def.sys'
ImageLoaded|endswith: '\bs_def64.sys'
ImageLoaded|endswith: '\bs_flash64.sys'
ImageLoaded|endswith: '\bs_hwmio64.sys'
ImageLoaded|endswith: '\bs_hwmio64_w10.sys'
ImageLoaded|endswith: '\bs_i2c64.sys'
ImageLoaded|endswith: '\bs_i2cio.sys'
ImageLoaded|endswith: '\bs_rcio.sys'
ImageLoaded|endswith: '\bs_rcio64.sys'
ImageLoaded|endswith: '\bs_rciow1064.sys'
ImageLoaded|endswith: '\bsmemx64.sys'
ImageLoaded|endswith: '\bsmi.sys'
ImageLoaded|endswith: '\bsmix64.sys'
ImageLoaded|endswith: '\bsmixp64.sys'
ImageLoaded|endswith: '\bw.sys'
ImageLoaded|endswith: '\bwrs.sys'
ImageLoaded|endswith: '\bwrsh.sys'
ImageLoaded|endswith: '\c.sys'
ImageLoaded|endswith: '\capcom.sys'
ImageLoaded|endswith: '\cg6kwin2k.sys'
ImageLoaded|endswith: '\chaos-rootkit.sys'
ImageLoaded|endswith: '\citmdrv_amd64.sys'
ImageLoaded|endswith: '\citmdrv_ia64.sys'
ImageLoaded|endswith: '\computerz.sys'
ImageLoaded|endswith: '\corsairllaccess64.sys'
ImageLoaded|endswith: '\cp2x72c.sys'
ImageLoaded|endswith: '\cpupress.sys'
ImageLoaded|endswith: '\cpuz.sys'
ImageLoaded|endswith: '\cpuz141.sys'
ImageLoaded|endswith: '\cpuz_x64.sys'
ImageLoaded|endswith: '\ctiio64.sys'
ImageLoaded|endswith: '\cupfixerx64.sys'
ImageLoaded|endswith: '\d.sys'
ImageLoaded|endswith: '\d2.sys'
ImageLoaded|endswith: '\d3.sys'
ImageLoaded|endswith: '\d4.sys'
ImageLoaded|endswith: '\dbk64.sys'
ImageLoaded|endswith: '\dbutil.sys'
ImageLoaded|endswith: '\dbutil_2_3.sys'
ImageLoaded|endswith: '\dbutildrv2.sys'
ImageLoaded|endswith: '\dcprotect.sys'
ImageLoaded|endswith: '\dcr.sys'
ImageLoaded|endswith: '\dellbios.sys'
ImageLoaded|endswith: '\dh_kernel.sys'
ImageLoaded|endswith: '\dh_kernel_10.sys'
ImageLoaded|endswith: '\directio.sys'
ImageLoaded|endswith: '\directio32.sys'
ImageLoaded|endswith: '\directio64.sys'
ImageLoaded|endswith: '\driver7-x64.sys'
ImageLoaded|endswith: '\driver7-x86-withoutdbg.sys'
ImageLoaded|endswith: '\driver7-x86.sys'
ImageLoaded|endswith: '\echo_driver.sys'
ImageLoaded|endswith: '\ecsiodriverx64.sys'
ImageLoaded|endswith: '\eio.sys'
ImageLoaded|endswith: '\elbycdio.sys'
ImageLoaded|endswith: '\elrawdsk.sys'
ImageLoaded|endswith: '\ene.sys'
ImageLoaded|endswith: '\eneio64.sys'
ImageLoaded|endswith: '\enetechio64.sys'
ImageLoaded|endswith: '\etdsupp.sys'
ImageLoaded|endswith: '\fairplaykd.sys'
ImageLoaded|endswith: '\fd3b7234419fafc9bdd533f48896ed73_b816c5cd.sys'
ImageLoaded|endswith: '\fh-ethercat_dio.sys'
ImageLoaded|endswith: '\fiddrv.sys'
ImageLoaded|endswith: '\fiddrv64.sys'
ImageLoaded|endswith: '\fidpcidrv.sys'
ImageLoaded|endswith: '\fidpcidrv64.sys'
ImageLoaded|endswith: '\fpcie2com.sys'
ImageLoaded|endswith: '\full.sys'
ImageLoaded|endswith: '\gameink.sys'
ImageLoaded|endswith: '\gametersafe.sys'
ImageLoaded|endswith: '\gdrv.sys'
ImageLoaded|endswith: '\gedevdrv.sys'
ImageLoaded|endswith: '\glckio2.sys'
ImageLoaded|endswith: '\goad.sys'
ImageLoaded|endswith: '\gpcidrv64.sys'
ImageLoaded|endswith: '\gtckmdfbs.sys'
ImageLoaded|endswith: '\gvcidrv64.sys'
ImageLoaded|endswith: '\hostnt.sys'
ImageLoaded|endswith: '\hpportiox64.sys'
ImageLoaded|endswith: '\hw.sys'
ImageLoaded|endswith: '\hwdetectng.sys'
ImageLoaded|endswith: '\hwos2ec10x64.sys'
ImageLoaded|endswith: '\hwos2ec7x64.sys'
ImageLoaded|endswith: '\hwrwdrv.sys'
ImageLoaded|endswith: '\inpoutx64.sys'
ImageLoaded|endswith: '\ioaccess.sys'
ImageLoaded|endswith: '\iobitunlocker.sys'
ImageLoaded|endswith: '\iomap64.sys'
ImageLoaded|endswith: '\iomem64.sys'
ImageLoaded|endswith: '\iqvw64.sys'
ImageLoaded|endswith: '\iqvw64e.sys'
ImageLoaded|endswith: '\irec.sys'
ImageLoaded|endswith: '\iscflashx64.sys'
ImageLoaded|endswith: '\kbdcap64.sys'
ImageLoaded|endswith: '\kerneld.amd64'
ImageLoaded|endswith: '\kevp64.sys'
ImageLoaded|endswith: '\kfeco10x64.sys'
ImageLoaded|endswith: '\kfeco11x64.sys'
ImageLoaded|endswith: '\kprocesshacker.sys'
ImageLoaded|endswith: '\lenovodiagnosticsdriver.sys'
ImageLoaded|endswith: '\lgcoretemp.sys'
ImageLoaded|endswith: '\lgdcatcher.sys'
ImageLoaded|endswith: '\lha.sys'
ImageLoaded|endswith: '\libnicm.sys'
ImageLoaded|endswith: '\lmiinfo.sys'
ImageLoaded|endswith: '\lurker.sys'
ImageLoaded|endswith: '\lv561av.sys'
ImageLoaded|endswith: '\magdrvamd64.sys'
ImageLoaded|endswith: '\mhyprot.sys'
ImageLoaded|endswith: '\mhyprot2.sys'
ImageLoaded|endswith: '\mhyprot3.sys'
ImageLoaded|endswith: '\monitor_win10_x64.sys'
ImageLoaded|endswith: '\msio32.sys'
ImageLoaded|endswith: '\msio64.sys'
ImageLoaded|endswith: '\msrhook.sys'
ImageLoaded|endswith: '\mtcbsv64.sys'
ImageLoaded|endswith: '\my.sys'
ImageLoaded|endswith: '\mydrivers.sys'
ImageLoaded|endswith: '\naldrv.sys'
ImageLoaded|endswith: '\nbiolib_x64.sys'
ImageLoaded|endswith: '\nchgbios2x64.sys'
ImageLoaded|endswith: '\ncpl.sys'
ImageLoaded|endswith: '\netfilterdrv.sys'
ImageLoaded|endswith: '\netflt.sys'
ImageLoaded|endswith: '\netproxydriver.sys'
ImageLoaded|endswith: '\ngiodriver.sys'
ImageLoaded|endswith: '\ni.sys'
ImageLoaded|endswith: '\nicm.sys'
ImageLoaded|endswith: '\nscm.sys'
ImageLoaded|endswith: '\nstr.sys'
ImageLoaded|endswith: '\nstrwsk.sys'
ImageLoaded|endswith: '\nt2.sys'
ImageLoaded|endswith: '\nt3.sys'
ImageLoaded|endswith: '\nt4.sys'
ImageLoaded|endswith: '\nt5.sys'
ImageLoaded|endswith: '\nt6.sys'
ImageLoaded|endswith: '\ntiolib.sys'
ImageLoaded|endswith: '\ntiolib_x64.sys'
ImageLoaded|endswith: '\nvaudio.sys'
ImageLoaded|endswith: '\nvflash.sys'
ImageLoaded|endswith: '\nvflsh64.sys'
ImageLoaded|endswith: '\nvoclock.sys'
ImageLoaded|endswith: '\openlibsys.sys'
ImageLoaded|endswith: '\otipcibus.sys'
ImageLoaded|endswith: '\panio.sys'
ImageLoaded|endswith: '\paniox64.sys'
ImageLoaded|endswith: '\panmonflt.sys'
ImageLoaded|endswith: '\panmonfltx64.sys'
ImageLoaded|endswith: '\pchunter.sys'
ImageLoaded|endswith: '\pdfwkrnl.sys'
ImageLoaded|endswith: '\phlashnt.sys'
ImageLoaded|endswith: '\phymem64.sys'
ImageLoaded|endswith: '\phymem_ext64.sys'
ImageLoaded|endswith: '\phymemx64.sys'
ImageLoaded|endswith: '\physmem.sys'
ImageLoaded|endswith: '\piddrv.sys'
ImageLoaded|endswith: '\piddrv64.sys'
ImageLoaded|endswith: '\procexp.sys'
ImageLoaded|endswith: '\protects.sys'
ImageLoaded|endswith: '\proxy32.sys'
ImageLoaded|endswith: '\proxy64.sys'
ImageLoaded|endswith: '\radhwmgr.sys'
ImageLoaded|endswith: '\rtcore64.sys'
ImageLoaded|endswith: '\rtif.sys'
ImageLoaded|endswith: '\rtkio.sys'
ImageLoaded|endswith: '\rtport.sys'
ImageLoaded|endswith: '\rwdrv.sys'
ImageLoaded|endswith: '\rzpnk.sys'
ImageLoaded|endswith: '\sandra.sys'
ImageLoaded|endswith: '\sbiosio64.sys'
ImageLoaded|endswith: '\se64a.sys'
ImageLoaded|endswith: '\segwindrvx64.sys'
ImageLoaded|endswith: '\semav6msr.sys'
ImageLoaded|endswith: '\sepdrv3_1.sys'
ImageLoaded|endswith: '\sfdrvx32.sys'
ImageLoaded|endswith: '\smarteio64.sys'
ImageLoaded|endswith: '\smep_capcom.sys'
ImageLoaded|endswith: '\smep_namco.sys'
ImageLoaded|endswith: '\speedfan.sys'
ImageLoaded|endswith: '\ssport.sys'
ImageLoaded|endswith: '\stdcdrv64.sys'
ImageLoaded|endswith: '\stdcdrvws64.sys'
ImageLoaded|endswith: '\superbmc.sys'
ImageLoaded|endswith: '\sysconp.sys'
ImageLoaded|endswith: '\sysdrv3s.sys'
ImageLoaded|endswith: '\sysinfo.sys'
ImageLoaded|endswith: '\sysinfodetectorx64.sys'
ImageLoaded|endswith: '\t.sys'
ImageLoaded|endswith: '\t3.sys'
ImageLoaded|endswith: '\t7.sys'
ImageLoaded|endswith: '\t8.sys'
ImageLoaded|endswith: '\tdeio64.sys'
ImageLoaded|endswith: '\tdklib64.sys'
ImageLoaded|endswith: '\testbone.sys'
ImageLoaded|endswith: '\tgsafe.sys'
ImageLoaded|endswith: '\tmcomm.sys'
ImageLoaded|endswith: '\truesight.sys'
ImageLoaded|endswith: '\ucorew64.sys'
ImageLoaded|endswith: '\vboxdrv.sys'
ImageLoaded|endswith: '\vboxusb.sys'
ImageLoaded|endswith: '\vdbsv64.sys'
ImageLoaded|endswith: '\viraglt64.sys'
ImageLoaded|endswith: '\viragt.sys'
ImageLoaded|endswith: '\viragt64.sys'
ImageLoaded|endswith: '\vmdrv.sys'
ImageLoaded|endswith: '\vproeventmonitor.sys'
ImageLoaded|endswith: '\wcpu.sys'
ImageLoaded|endswith: '\windows-xp-64.sys'
ImageLoaded|endswith: '\windows7-32.sys'
ImageLoaded|endswith: '\windows8-10-32.sys'
ImageLoaded|endswith: '\winflash64.sys'
ImageLoaded|endswith: '\winio32.sys'
ImageLoaded|endswith: '\winio32a.sys'
ImageLoaded|endswith: '\winio32b.sys'
ImageLoaded|endswith: '\winio64.sys'
ImageLoaded|endswith: '\winio64a.sys'
ImageLoaded|endswith: '\winio64b.sys'
ImageLoaded|endswith: '\winio64c.sys'
ImageLoaded|endswith: '\winiodrv.sys'
ImageLoaded|endswith: '\winring0.sys'
ImageLoaded|endswith: '\wirwadrv.sys'
ImageLoaded|endswith: '\wiseunlo.sys'
ImageLoaded|endswith: '\wsdkd.sys'
ImageLoaded|endswith: '\wyproxy64.sys'
ImageLoaded|endswith: '\zam64.sys'

Indicators

Each row is a field, operator, and value that the rule matches. The corpus column counts how many other rules in the catalog look for the same combination: high numbers point to widely-used, community-vetted indicators. Blank or 1 shows that the indicator is specific to this rule.
