Overview

overview

10

Static

static

10

bdf85a0d4d...da.exe

windows7-x64

10

bdf85a0d4d...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    61s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2023 00:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdf85a0d4de087264aa6fd089375adda.exe

  • Size

    1.3MB

  • MD5

    bdf85a0d4de087264aa6fd089375adda

  • SHA1

    c1e0b04c84419d3364148835d67ba9bf98c55b7c

  • SHA256

    7235f8a24a197b99d55e124472f7689509057074e00efe0a3ed18feb26b3a88c

  • SHA512

    22ff8d54b814e0412acbc5ac5a44af1088ee558460cf8effd148860543b37c0daf1cda8d45b202a49fe00946d8e8e40b403163079452e0968a89c62f1735df80

  • SSDEEP

    24576:/2G/nvxW3WF36YW5Mna4CGWoyJmZ+3uBWMjDhN:/bA3pYsM4GmDMDb

Score
10/10
dcratinfostealerratspywarestealer

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Process spawned unexpected child process 54 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • DCRat payload 8 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 54 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdf85a0d4de087264aa6fd089375adda.exe
    "C:\Users\Admin\AppData\Local\Temp\bdf85a0d4de087264aa6fd089375adda.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\bridgeserverref\OISo0jBwHBn4xoiWAh.vbe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:276
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\bridgeserverref\qUFNDlasPyhJt.bat" "
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:524
        • C:\bridgeserverref\portbrowserDriver.exe
          "C:\bridgeserverref\portbrowserDriver.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:528
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\FUFXa92erV.bat"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2464
            • C:\Windows\system32\w32tm.exe
              w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
              6⤵
                PID:2504
              • C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe
                "C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe"
                6⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2524
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Sidebar\de-DE\cmd.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1004
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\de-DE\cmd.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1624
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Sidebar\de-DE\cmd.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1784
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Mozilla\updates\308046B0AF4A39CB\spoolsv.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1856
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Users\All Users\Mozilla\updates\308046B0AF4A39CB\spoolsv.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1036
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Mozilla\updates\308046B0AF4A39CB\spoolsv.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1972
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "portbrowserDriverp" /sc MINUTE /mo 9 /tr "'C:\Users\Admin\Desktop\portbrowserDriver.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:304
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "portbrowserDriver" /sc ONLOGON /tr "'C:\Users\Admin\Desktop\portbrowserDriver.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1712
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "portbrowserDriverp" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\Desktop\portbrowserDriver.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1540
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 8 /tr "'C:\Program Files\VideoLAN\VLC\sppsvc.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1008
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files\VideoLAN\VLC\sppsvc.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1936
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 10 /tr "'C:\Program Files\VideoLAN\VLC\sppsvc.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1376
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 10 /tr "'C:\Windows\IME\fr-FR\winlogon.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1216
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Windows\IME\fr-FR\winlogon.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1232
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 10 /tr "'C:\Windows\IME\fr-FR\winlogon.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1184
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:796
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:764
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1356
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "smsss" /sc MINUTE /mo 11 /tr "'C:\bridgeserverref\smss.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1104
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\bridgeserverref\smss.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:564
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "smsss" /sc MINUTE /mo 7 /tr "'C:\bridgeserverref\smss.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1496
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "portbrowserDriverp" /sc MINUTE /mo 11 /tr "'C:\Recovery\5e97ab82-6219-11ed-b9ee-5e34c4ab0fa3\portbrowserDriver.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:652
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "portbrowserDriver" /sc ONLOGON /tr "'C:\Recovery\5e97ab82-6219-11ed-b9ee-5e34c4ab0fa3\portbrowserDriver.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1596
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "portbrowserDriverp" /sc MINUTE /mo 14 /tr "'C:\Recovery\5e97ab82-6219-11ed-b9ee-5e34c4ab0fa3\portbrowserDriver.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1076
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "servicess" /sc MINUTE /mo 10 /tr "'C:\Program Files\Internet Explorer\en-US\services.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1148
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\en-US\services.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2032
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "servicess" /sc MINUTE /mo 8 /tr "'C:\Program Files\Internet Explorer\en-US\services.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1300
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 10 /tr "'C:\Users\Default\Templates\dwm.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1656
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Users\Default\Templates\dwm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1828
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\Users\Default\Templates\dwm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1696
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsml" /sc MINUTE /mo 9 /tr "'C:\Recovery\5e97ab82-6219-11ed-b9ee-5e34c4ab0fa3\lsm.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:276
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Recovery\5e97ab82-6219-11ed-b9ee-5e34c4ab0fa3\lsm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1852
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsml" /sc MINUTE /mo 5 /tr "'C:\Recovery\5e97ab82-6219-11ed-b9ee-5e34c4ab0fa3\lsm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1932
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Windows\Prefetch\conhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:572
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Windows\Prefetch\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1624
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 14 /tr "'C:\Windows\Prefetch\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:332
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Program Files\Java\jre7\bin\server\csrss.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1340
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files\Java\jre7\bin\server\csrss.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:948
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Program Files\Java\jre7\bin\server\csrss.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1584
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Google\CrashReports\services.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1540
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\CrashReports\services.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2060
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Google\CrashReports\services.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2084
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\bridgeserverref\wininit.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2112
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\bridgeserverref\wininit.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2192
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 8 /tr "'C:\bridgeserverref\wininit.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2228
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Uninstall Information\lsass.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2248
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Program Files (x86)\Uninstall Information\lsass.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2276
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Uninstall Information\lsass.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2304
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\explorer.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2328
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\explorer.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2344
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\explorer.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2368
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\Idle.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2384
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Users\Public\Downloads\Idle.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2416
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Users\Public\Downloads\Idle.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2436

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe
      Filesize

      1002KB

      MD5

      78b6a1e77f422124b9df2cf52ece8637

      SHA1

      75b68997249ae9ca134dc8e311f20d8767e2fee4

      SHA256

      9c05f54d304337ea176229198d04f5f4b92d7f66d6d8c65214b8ec98e3d8365e

      SHA512

      1d4896b00350acc6bd4d1cd799d7555af5a84902c2f5d933ec076a076a12bdfa395359ff1c4b9e7443c3d07566059f2d9f515b661d2a870ba8d602f211b0938d

      Download Submit
    • C:\Program Files (x86)\Windows Photo Viewer\en-US\cmd.exe
      Filesize

      1002KB

      MD5

      78b6a1e77f422124b9df2cf52ece8637

      SHA1

      75b68997249ae9ca134dc8e311f20d8767e2fee4

      SHA256

      9c05f54d304337ea176229198d04f5f4b92d7f66d6d8c65214b8ec98e3d8365e

      SHA512

      1d4896b00350acc6bd4d1cd799d7555af5a84902c2f5d933ec076a076a12bdfa395359ff1c4b9e7443c3d07566059f2d9f515b661d2a870ba8d602f211b0938d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\FUFXa92erV.bat
      Filesize

      222B

      MD5

      706eafe7c07dcd161091699641fe9618

      SHA1

      865a5a266f38e383b6e177a9f1ed5c8ad00b90cd

      SHA256

      87c0bcfc83379e103d3a51ba347ade1de48ce0ac46e032ba0ab6ecda6e457cc0

      SHA512

      d642bae524c3ac4c2b39fafa18947cd20e468152edf27f8aff73409d1c81201743ab8d631ab5bdc373719daca5eee9bd263941885742d42b6a81329c4990ade3

      Download Submit
    • C:\bridgeserverref\OISo0jBwHBn4xoiWAh.vbe
      Filesize

      205B

      MD5

      106e933e48535c5b58d189fc8621b36c

      SHA1

      89887d3c7bbadd8d3d734860b9792371e29a7a60

      SHA256

      0c8b5357c376b682596e01bf0f7abe28ae100785bb1e57e489bc89b95fcc6e71

      SHA512

      f0e01329517b6a48b50a91855307c0b36cee24858e580996caaf5b7ec190261d9a37f672ec9fa965e703734ac6d971d15cd394f474543f72371817cc65ff5e86

      Download Submit
    • C:\bridgeserverref\portbrowserDriver.exe
      Filesize

      1002KB

      MD5

      78b6a1e77f422124b9df2cf52ece8637

      SHA1

      75b68997249ae9ca134dc8e311f20d8767e2fee4

      SHA256

      9c05f54d304337ea176229198d04f5f4b92d7f66d6d8c65214b8ec98e3d8365e

      SHA512

      1d4896b00350acc6bd4d1cd799d7555af5a84902c2f5d933ec076a076a12bdfa395359ff1c4b9e7443c3d07566059f2d9f515b661d2a870ba8d602f211b0938d

      Download Submit
    • C:\bridgeserverref\portbrowserDriver.exe
      Filesize

      1002KB

      MD5

      78b6a1e77f422124b9df2cf52ece8637

      SHA1

      75b68997249ae9ca134dc8e311f20d8767e2fee4

      SHA256

      9c05f54d304337ea176229198d04f5f4b92d7f66d6d8c65214b8ec98e3d8365e

      SHA512

      1d4896b00350acc6bd4d1cd799d7555af5a84902c2f5d933ec076a076a12bdfa395359ff1c4b9e7443c3d07566059f2d9f515b661d2a870ba8d602f211b0938d

      Download Submit
    • C:\bridgeserverref\qUFNDlasPyhJt.bat
      Filesize

      42B

      MD5

      93da5536b5cc60dadec6683e833b7295

      SHA1

      929ed3502470546fdceca2342f64ae6ad196ef73

      SHA256

      97894eb0076b938a1fb93bab0fc17bbe170affadd3af8e7c68730eb4e29d3d17

      SHA512

      afad9760d5786f8b09468b66433488a52f4e23736d4b730fcee3328e56289845583ac464c28e07d0750bb5edb3594e230ee2f2ffb1f2f9d325b4172500a74b43

      Download Submit
    • \bridgeserverref\portbrowserDriver.exe
      Filesize

      1002KB

      MD5

      78b6a1e77f422124b9df2cf52ece8637

      SHA1

      75b68997249ae9ca134dc8e311f20d8767e2fee4

      SHA256

      9c05f54d304337ea176229198d04f5f4b92d7f66d6d8c65214b8ec98e3d8365e

      SHA512

      1d4896b00350acc6bd4d1cd799d7555af5a84902c2f5d933ec076a076a12bdfa395359ff1c4b9e7443c3d07566059f2d9f515b661d2a870ba8d602f211b0938d

      Download Submit
    • \bridgeserverref\portbrowserDriver.exe
      Filesize

      1002KB

      MD5

      78b6a1e77f422124b9df2cf52ece8637

      SHA1

      75b68997249ae9ca134dc8e311f20d8767e2fee4

      SHA256

      9c05f54d304337ea176229198d04f5f4b92d7f66d6d8c65214b8ec98e3d8365e

      SHA512

      1d4896b00350acc6bd4d1cd799d7555af5a84902c2f5d933ec076a076a12bdfa395359ff1c4b9e7443c3d07566059f2d9f515b661d2a870ba8d602f211b0938d

      Download Submit
    • memory/276-55-0x0000000000000000-mapping.dmp
      Download
    • memory/524-59-0x0000000000000000-mapping.dmp
      Download
    • memory/528-66-0x0000000000250000-0x000000000026C000-memory.dmp
      Filesize

      112KB

      Download
    • memory/528-65-0x0000000000960000-0x0000000000A62000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/528-63-0x0000000000000000-mapping.dmp
      Download
    • memory/912-54-0x0000000075FF1000-0x0000000075FF3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2464-67-0x0000000000000000-mapping.dmp
      Download
    • memory/2504-69-0x0000000000000000-mapping.dmp
      Download
    • memory/2524-71-0x0000000000000000-mapping.dmp
      Download
    • memory/2524-73-0x0000000000370000-0x0000000000472000-memory.dmp
      Filesize

      1.0MB

      Download