da58d100900745d6a15113e8b8cb5c2a3252a3c4a063ccc64fd09cc75cfb21ff

Analysis

max time kernel
46s
max time network
133s
platform
windows7_x64
resource
win7v20201028
submitted
01-01-2021 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PolarisBiosEditor-master.exe
Size

1.7MB
MD5

dab64fc2e97031487358ef3553c8ff8a
SHA1

7f8258b6e9a455a4de914c5ee0952821ef036308
SHA256

da58d100900745d6a15113e8b8cb5c2a3252a3c4a063ccc64fd09cc75cfb21ff
SHA512

44e4fb714cf5ac71bb3c5517b039227a1b2c3952948e85c0b2a758b06cc60ba8203e1dcaa6a9fdeabf8c51e3327016fe5a9f7e67845cd5705665a281dccbd66f

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

PolarisBiosEditor.exePolarisBiosEditor.exePolarisBiosEditor.exeNet32 Driver.exe

pid process

2020 PolarisBiosEditor.exe
1960 PolarisBiosEditor.exe
1320 PolarisBiosEditor.exe
1160 Net32 Driver.exe

pid	process
2020	PolarisBiosEditor.exe
1960	PolarisBiosEditor.exe
1320	PolarisBiosEditor.exe
1160	Net32 Driver.exe

Loads dropped DLL 10 IoCs

Processes:

PolarisBiosEditor-master.exePolarisBiosEditor.exePolarisBiosEditor.exe

pid	process
1200	PolarisBiosEditor-master.exe
1200	PolarisBiosEditor-master.exe
1200	PolarisBiosEditor-master.exe
1200	PolarisBiosEditor-master.exe
2020	PolarisBiosEditor.exe
2020	PolarisBiosEditor.exe
1960	PolarisBiosEditor.exe
1960	PolarisBiosEditor.exe
1960	PolarisBiosEditor.exe
1960	PolarisBiosEditor.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes:

PolarisBiosEditor.exeNet32 Driver.exenotepad.exe

pid	process
1960	PolarisBiosEditor.exe
1960	PolarisBiosEditor.exe
1160	Net32 Driver.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe

Suspicious behavior: MapViewOfSection 39 IoCs

Processes:

notepad.exe

pid	process
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe
1776	notepad.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

PolarisBiosEditor.exe

pid process

1960 PolarisBiosEditor.exe

Suspicious use of WriteProcessMemory 486 IoCs

Processes:

PolarisBiosEditor-master.exePolarisBiosEditor.exePolarisBiosEditor.exeNet32 Driver.exenotepad.exe

description	pid	process	target process
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 1200 wrote to memory of 2020	1200	PolarisBiosEditor-master.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 2020 wrote to memory of 1960	2020	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 1960 wrote to memory of 1320	1960	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 1960 wrote to memory of 1320	1960	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 1960 wrote to memory of 1320	1960	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 1960 wrote to memory of 1320	1960	PolarisBiosEditor.exe	PolarisBiosEditor.exe
PID 1960 wrote to memory of 1160	1960	PolarisBiosEditor.exe	Net32 Driver.exe
PID 1960 wrote to memory of 1160	1960	PolarisBiosEditor.exe	Net32 Driver.exe
PID 1960 wrote to memory of 1160	1960	PolarisBiosEditor.exe	Net32 Driver.exe
PID 1960 wrote to memory of 1160	1960	PolarisBiosEditor.exe	Net32 Driver.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1160 wrote to memory of 1776	1160	Net32 Driver.exe	notepad.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe
PID 1776 wrote to memory of 268	1776	notepad.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\PolarisBiosEditor-master.exe
"C:\Users\Admin\AppData\Local\Temp\PolarisBiosEditor-master.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1200

C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe" /VERYSILENT
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1960

C:\Users\Admin\AppData\Local\Temp\PolarisBiosEditor.exe
"C:\Users\Admin\AppData\Local\Temp\PolarisBiosEditor.exe"
4⤵
- Executes dropped EXE
PID:1320

C:\Users\Admin\AppData\Local\Temp\Net32 Driver.exe
"C:\Users\Admin\AppData\Local\Temp\Net32 Driver.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1160

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1776

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:268

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:2024

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:2036

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:320

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:624

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:732

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:616

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1480

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:900

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1128

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:472

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1788

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1708

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1720

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1096

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1996

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1608

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1792

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:916

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:908

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:764

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1800

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:944

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1052

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1668

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1196

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1932

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1652

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1132

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:920

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1680

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1576

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1112

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:868

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1628

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1536

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1624

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1920

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\system32\notepad.exe"
6⤵
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Net32 Driver.exe

MD5
85e6b5e1fb3676b5ac51ba523c5fce55

SHA1
e3ab4da2d3f1184fa60bf24b0afea0530005865e

SHA256
e975ed557a3abcc7fa555e1eef77c9212bbcad26d9bd8721bd4b4a9f7af7ffa1

SHA512
94d6e3d8711c87448fe6e2b05223c4c186f9008e9f64051e98a375b22b7133352725a78d51a14298e8271912019cdb8e3345886fbb006c7cf9ad534ae204fe97

Download Submit
C:\Users\Admin\AppData\Local\Temp\PolarisBiosEditor.exe

MD5
5648c468395db42112aac0eca6e855c0

SHA1
49e61799ed6cbf29de43ba380309dc2b75e483a3

SHA256
dcf30a5c5c33e6d6d651a64943868dd754e20434bff20f33d2617fbd72001ba9

SHA512
3928768093a254ce8a575bd140ca2c783d6d4c085aa032b570f4ea05f85edfd480e0ac18f4c6d7f1c8db812df4703b01b875e6dfde67df5bab1f226af7bfafe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\PolarisBiosEditor.exe

MD5
5648c468395db42112aac0eca6e855c0

SHA1
49e61799ed6cbf29de43ba380309dc2b75e483a3

SHA256
dcf30a5c5c33e6d6d651a64943868dd754e20434bff20f33d2617fbd72001ba9

SHA512
3928768093a254ce8a575bd140ca2c783d6d4c085aa032b570f4ea05f85edfd480e0ac18f4c6d7f1c8db812df4703b01b875e6dfde67df5bab1f226af7bfafe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor-0.bin

MD5
e622b643aabbaa380675305989acb0fa

SHA1
4eaa4a3298f531332d3ba669c3a7e7d32dc982f0

SHA256
013f664a01b97fc211841f5a00dffdac53b7adecd3ccf2d3e8b99dfb6533f7b4

SHA512
f0ebb501d4758ff2d5068944cf4dbda1bfe62d128a88761bf095b9478799e5340600720a579a606d293c9f8f3816a53eb6095c0c498d75039149d8aa2699e9fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor-1.bin

MD5
993cc0583bcc6b5e89c4fdf8fca73fd7

SHA1
1b18f43816d1882c3e6b5303655d355da1ddd751

SHA256
54c2f6a2bbbfec5a44236aa080b37f86dcca07c8e56ad02f6d8a4a466d1d11b2

SHA512
62557b19d513d67e4c12d1d94d46369cc3c20f813e0d30a363dfeddba326d231aa672d2d9af5f2fc473428024c878d04b26e44693b875d73c390c0771204cf54

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
\Users\Admin\AppData\Local\Temp\Net32 Driver.exe

MD5
85e6b5e1fb3676b5ac51ba523c5fce55

SHA1
e3ab4da2d3f1184fa60bf24b0afea0530005865e

SHA256
e975ed557a3abcc7fa555e1eef77c9212bbcad26d9bd8721bd4b4a9f7af7ffa1

SHA512
94d6e3d8711c87448fe6e2b05223c4c186f9008e9f64051e98a375b22b7133352725a78d51a14298e8271912019cdb8e3345886fbb006c7cf9ad534ae204fe97

Download Submit
\Users\Admin\AppData\Local\Temp\Net32 Driver.exe

MD5
85e6b5e1fb3676b5ac51ba523c5fce55

SHA1
e3ab4da2d3f1184fa60bf24b0afea0530005865e

SHA256
e975ed557a3abcc7fa555e1eef77c9212bbcad26d9bd8721bd4b4a9f7af7ffa1

SHA512
94d6e3d8711c87448fe6e2b05223c4c186f9008e9f64051e98a375b22b7133352725a78d51a14298e8271912019cdb8e3345886fbb006c7cf9ad534ae204fe97

Download Submit
\Users\Admin\AppData\Local\Temp\PolarisBiosEditor.exe

MD5
5648c468395db42112aac0eca6e855c0

SHA1
49e61799ed6cbf29de43ba380309dc2b75e483a3

SHA256
dcf30a5c5c33e6d6d651a64943868dd754e20434bff20f33d2617fbd72001ba9

SHA512
3928768093a254ce8a575bd140ca2c783d6d4c085aa032b570f4ea05f85edfd480e0ac18f4c6d7f1c8db812df4703b01b875e6dfde67df5bab1f226af7bfafe5

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\PolarisBiosEditor.exe

MD5
50d6e3d248ac970a9bc9bad7a7d17db8

SHA1
ff6dbddaed5a4a532433e3963e002d5d3e528104

SHA256
b39f71f1b959437c8c3ed05c4fced85efdd40e115b8b371a477567d86bdd84a8

SHA512
c2d154f8265e3fcad1604c4c6ad2346852d7fb7ff0d876ee2d9dff3cc8d55dff8552b7e4662379635756e1c6d642d269350cec9d5e7d263d4cf45e4ae0fb72b6

Download Submit
\Users\Admin\AppData\Local\Temp\is-6CC9I.tmp\_isetup\_isdecmp.dll

MD5
77d6d961f71a8c558513bed6fd0ad6f1

SHA1
122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

SHA256
5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

SHA512
b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

Download Submit
\Users\Admin\AppData\Local\Temp\is-85V6I.tmp\_isetup\_isdecmp.dll

MD5
77d6d961f71a8c558513bed6fd0ad6f1

SHA1
122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

SHA256
5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

SHA512
b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

Download Submit
memory/1160-24-0x0000000000000000-mapping.dmp

Download
memory/1200-2-0x00000000023D0000-0x00000000024D1000-memory.dmp

Filesize
1.0MB

Download
memory/1320-19-0x0000000000000000-mapping.dmp

Download
memory/1320-26-0x000007FEF5800000-0x000007FEF619D000-memory.dmp

Filesize
9.6MB

Download
memory/1320-28-0x000007FEF5800000-0x000007FEF619D000-memory.dmp

Filesize
9.6MB

Download
memory/1776-27-0x0000000000000000-mapping.dmp

Download
memory/1960-14-0x0000000000000000-mapping.dmp

Download
memory/2020-8-0x0000000000000000-mapping.dmp

Download