2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957

Analysis

max time kernel
104s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
Size

1.2MB
MD5

ec513ecd47ce56679ca56e4b4aafef74
SHA1

e2b3452296f8786252a3ec4b3d9d269c16cefe30
SHA256

2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957
SHA512

8d31fe3dc33cd4851194bf05937c597025fe042d5f03ccc3bc96d0a0c511d4f78f7060fac05785eb698ceddb02f0d9f7cfa852017b8af4418913c80d0c4e46d0
SSDEEP

24576:Ru6J33O0c+JY5UZ+XC0kGso6FaCZlMucA7Mj0VTrs8LXNWY:Du0c++OCvkGs9FawMjw0Y

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 14 IoCs

Processes:

BcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exeBcastDVRBroker.exe

pid	process
1912	BcastDVRBroker.exe
684	BcastDVRBroker.exe
916	BcastDVRBroker.exe
924	BcastDVRBroker.exe
1556	BcastDVRBroker.exe
1572	BcastDVRBroker.exe
1856	BcastDVRBroker.exe
2036	BcastDVRBroker.exe
2012	BcastDVRBroker.exe
996	BcastDVRBroker.exe
1224	BcastDVRBroker.exe
1704	BcastDVRBroker.exe
1208	BcastDVRBroker.exe
1676	BcastDVRBroker.exe

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exe

pid process

432 schtasks.exe
1464 schtasks.exe
1620 schtasks.exe

pid	process
432	schtasks.exe
1464	schtasks.exe
1620	schtasks.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exetaskeng.exeBcastDVRBroker.exe

description	pid	process	target process
PID 1152 wrote to memory of 2024	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 2024	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 2024	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 2024	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 520	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 520	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 520	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 520	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1144	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1144	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1144	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1144	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1256	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1256	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1256	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1256	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1212	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1212	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1212	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1212	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1496	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1496	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1496	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 1496	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
PID 1152 wrote to memory of 432	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	schtasks.exe
PID 1152 wrote to memory of 432	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	schtasks.exe
PID 1152 wrote to memory of 432	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	schtasks.exe
PID 1152 wrote to memory of 432	1152	2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe	schtasks.exe
PID 868 wrote to memory of 1912	868	taskeng.exe	BcastDVRBroker.exe
PID 868 wrote to memory of 1912	868	taskeng.exe	BcastDVRBroker.exe
PID 868 wrote to memory of 1912	868	taskeng.exe	BcastDVRBroker.exe
PID 868 wrote to memory of 1912	868	taskeng.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 684	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 684	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 684	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 684	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 916	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 916	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 916	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 916	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 924	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 924	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 924	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 924	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1572	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1572	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1572	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1572	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1556	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1556	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1556	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1556	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1856	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1856	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1856	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1856	1912	BcastDVRBroker.exe	BcastDVRBroker.exe
PID 1912 wrote to memory of 1464	1912	BcastDVRBroker.exe	schtasks.exe
PID 1912 wrote to memory of 1464	1912	BcastDVRBroker.exe	schtasks.exe
PID 1912 wrote to memory of 1464	1912	BcastDVRBroker.exe	schtasks.exe
PID 1912 wrote to memory of 1464	1912	BcastDVRBroker.exe	schtasks.exe
PID 868 wrote to memory of 2036	868	taskeng.exe	BcastDVRBroker.exe
PID 868 wrote to memory of 2036	868	taskeng.exe	BcastDVRBroker.exe
PID 868 wrote to memory of 2036	868	taskeng.exe	BcastDVRBroker.exe
PID 868 wrote to memory of 2036	868	taskeng.exe	BcastDVRBroker.exe

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
2⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
2⤵
PID:520

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
2⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
2⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
2⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe
"C:\Users\Admin\AppData\Local\Temp\2ad8e1058109915bf9b3950a4247c1ef8e6346f82b2bf5d6a345f78b6c665957.exe"
2⤵
PID:1496

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\SysWOW64\schtasks.exe" /create /tn pcwrun /tr "C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe" /sc minute /mo 1 /F
2⤵
- Creates scheduled task(s)
PID:432

C:\Windows\system32\taskeng.exe
taskeng.exe {C7E0FAC9-B31B-4250-91D3-9C7F970ED74B} S-1-5-21-3406023954-474543476-3319432036-1000:VUIIVLGQ\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:868

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:684

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:916

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1856

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1556

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1572

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:924

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\SysWOW64\schtasks.exe" /create /tn pcwrun /tr "C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe" /sc minute /mo 1 /F
3⤵
- Creates scheduled task(s)
PID:1464

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
2⤵
- Executes dropped EXE
PID:2036

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:2012

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1224

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:996

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1704

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1208

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe
"C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe"
3⤵
- Executes dropped EXE
PID:1676

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\SysWOW64\schtasks.exe" /create /tn pcwrun /tr "C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe" /sc minute /mo 1 /F
3⤵
- Creates scheduled task(s)
PID:1620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
C:\Users\Admin\AppData\Roaming\Gfxv2_0\BcastDVRBroker.exe

Filesize
1.2MB

MD5
c20a4a7e7e21541470a693abd629800a

SHA1
885d46bdc796b28f7be1938d0e14eb1ba348a1aa

SHA256
ca38c519566d3609f9ffa373b599ba5e22c0bfc8a85b05199fdf2148e35a6e67

SHA512
35c7e3ec861509a1e49cd16ccd167d0222aa568c9e7c4ab6d81e9e976b60a10e92e76397a032f0e5586179ee71325e0fd44d0a04459d13d49a3cf7785a3a321e

Download Submit
memory/432-55-0x0000000000000000-mapping.dmp

Download
memory/1152-54-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download
memory/1464-65-0x0000000000000000-mapping.dmp

Download
memory/1620-76-0x0000000000000000-mapping.dmp

Download
memory/1912-57-0x0000000000000000-mapping.dmp

Download
memory/2036-67-0x0000000000000000-mapping.dmp

Download