3a106d498bf436f3a93ddda054549fdc0f4075b023765c1f9be9be4eca1be4c4

Analysis

max time kernel
150s
max time network
152s
platform
windows10_x64
resource
win10v20210408
submitted
22-07-2021 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueLinkrIRC.exe
Size

3.8MB
MD5

680827bf74af49d305f7246831f27048
SHA1

d9e5879ea10b833c30eedd514a171cc4e9601664
SHA256

3a106d498bf436f3a93ddda054549fdc0f4075b023765c1f9be9be4eca1be4c4
SHA512

687636be75f057bd7381dba193dca84d4de66f89ca918ebac147475bc7303f8a2aadfac62b33d84ee4ebe2336f29aa658fb1ccb47617f9b5f5443191d3391d5d

Score

9^/10

persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\Bluelinkr\Irc\HTMLayout.dll	acprotect
\Program Files (x86)\Bluelinkr\Irc\htmlayout.dll	acprotect

Executes dropped EXE 5 IoCs

Processes:

setname.exeBluelinkrserver.exeBluelinkrserver.exeBluelinkrserver.exeBluelinkrserver.exe

pid process

3276 setname.exe
3676 Bluelinkrserver.exe
2860 Bluelinkrserver.exe
988 Bluelinkrserver.exe
1800 Bluelinkrserver.exe

pid	process
3276	setname.exe
3676	Bluelinkrserver.exe
2860	Bluelinkrserver.exe
988	Bluelinkrserver.exe
1800	Bluelinkrserver.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files (x86)\Bluelinkr\Irc\HTMLayout.dll	upx
\Program Files (x86)\Bluelinkr\Irc\htmlayout.dll	upx

Loads dropped DLL 2 IoCs

Processes:

setname.exeBluelinkrserver.exe

pid process

3276 setname.exe
988 Bluelinkrserver.exe

pid	process
3276	setname.exe
988	Bluelinkrserver.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Bluelinkrserver.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\BluelinkrServertvncontrol = "\"C:\\Program Files (x86)\\Bluelinkr\\Irc\\Bluelinkrserver.exe\" -controlservice -slave"	Bluelinkrserver.exe

Drops file in Program Files directory 57 IoCs

Processes:

BlueLinkrIRC.exesetname.exeBluelinkrserver.exe

description	ioc	process
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\minimize.png	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\confirm.htm	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\card.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\main.htm	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\uninstall.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrservice.dll	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\k.jpg	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\titlebar.png	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\bgline.jpg	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\k.jpg	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\Password.exe	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\Password.exe	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\Unload.exe	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\htmlayout.dll	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\msvcp100.dll	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\msvcr100.dll	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\back.png	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\build.bat	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\log\2021.07.22.log	setname.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\install.bat	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\close.png	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\marsNormal.png	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\Unload.exe	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\bluelinkr.ini	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\card.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\password.htm	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\titlebar.png	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\htmlayout.dll	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\setname.exe	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrservice.dll	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkr.ini	setname.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\back.png	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\close.png	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\msg.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\minimize.png	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\bluelinkr.ini	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\main.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\msg.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\marsNormal.png	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\uninstall.htm	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\install.bat	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\screenhooks32.dll	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\setname.exe	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\newpass.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\newpass.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\confirm.htm	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\bgline.jpg	BlueLinkrIRC.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\password.htm	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\msvcp100.dll	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\build.bat	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\log\2021.07.22.ttlog.log	Bluelinkrserver.exe
File created	C:\Program Files (x86)\Bluelinkr\Irc\UI\icon.png	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\UI\icon.png	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\msvcr100.dll	BlueLinkrIRC.exe
File opened for modification	C:\Program Files (x86)\Bluelinkr\Irc\screenhooks32.dll	BlueLinkrIRC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

3584 taskkill.exe
4064 taskkill.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

2120 PING.EXE
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

BlueLinkrIRC.exe

pid process

900 BlueLinkrIRC.exe
900 BlueLinkrIRC.exe
900 BlueLinkrIRC.exe
900 BlueLinkrIRC.exe
900 BlueLinkrIRC.exe
900 BlueLinkrIRC.exe

pid	process
3584	taskkill.exe
4064	taskkill.exe

pid	process
2120	PING.EXE

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

taskkill.exetaskkill.exewerfault.exe

description	pid	process
Token: SeDebugPrivilege	3584	taskkill.exe
Token: SeDebugPrivilege	4064	taskkill.exe
Token: SeRestorePrivilege	612	werfault.exe
Token: SeBackupPrivilege	612	werfault.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

BlueLinkrIRC.exeBluelinkrserver.exe

pid	process
900	BlueLinkrIRC.exe
900	BlueLinkrIRC.exe
900	BlueLinkrIRC.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

BlueLinkrIRC.exeBluelinkrserver.exe

pid	process
900	BlueLinkrIRC.exe
900	BlueLinkrIRC.exe
900	BlueLinkrIRC.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe
1800	Bluelinkrserver.exe

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

BlueLinkrIRC.exesetname.execmd.exeBluelinkrserver.exe

description	pid	process	target process
PID 900 wrote to memory of 3276	900	BlueLinkrIRC.exe	setname.exe
PID 900 wrote to memory of 3276	900	BlueLinkrIRC.exe	setname.exe
PID 900 wrote to memory of 3276	900	BlueLinkrIRC.exe	setname.exe
PID 3276 wrote to memory of 1152	3276	setname.exe	cmd.exe
PID 3276 wrote to memory of 1152	3276	setname.exe	cmd.exe
PID 3276 wrote to memory of 1152	3276	setname.exe	cmd.exe
PID 1152 wrote to memory of 3584	1152	cmd.exe	taskkill.exe
PID 1152 wrote to memory of 3584	1152	cmd.exe	taskkill.exe
PID 1152 wrote to memory of 3584	1152	cmd.exe	taskkill.exe
PID 1152 wrote to memory of 4064	1152	cmd.exe	taskkill.exe
PID 1152 wrote to memory of 4064	1152	cmd.exe	taskkill.exe
PID 1152 wrote to memory of 4064	1152	cmd.exe	taskkill.exe
PID 1152 wrote to memory of 476	1152	cmd.exe	reg.exe
PID 1152 wrote to memory of 476	1152	cmd.exe	reg.exe
PID 1152 wrote to memory of 476	1152	cmd.exe	reg.exe
PID 1152 wrote to memory of 3676	1152	cmd.exe	Bluelinkrserver.exe
PID 1152 wrote to memory of 3676	1152	cmd.exe	Bluelinkrserver.exe
PID 1152 wrote to memory of 3676	1152	cmd.exe	Bluelinkrserver.exe
PID 1152 wrote to memory of 2860	1152	cmd.exe	Bluelinkrserver.exe
PID 1152 wrote to memory of 2860	1152	cmd.exe	Bluelinkrserver.exe
PID 1152 wrote to memory of 2860	1152	cmd.exe	Bluelinkrserver.exe
PID 2860 wrote to memory of 1800	2860	Bluelinkrserver.exe	Bluelinkrserver.exe
PID 2860 wrote to memory of 1800	2860	Bluelinkrserver.exe	Bluelinkrserver.exe
PID 2860 wrote to memory of 1800	2860	Bluelinkrserver.exe	Bluelinkrserver.exe
PID 1152 wrote to memory of 2120	1152	cmd.exe	PING.EXE
PID 1152 wrote to memory of 2120	1152	cmd.exe	PING.EXE
PID 1152 wrote to memory of 2120	1152	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\BlueLinkrIRC.exe
"C:\Users\Admin\AppData\Local\Temp\BlueLinkrIRC.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:900

C:\Program Files (x86)\Bluelinkr\Irc\setname.exe
"C:\Program Files (x86)\Bluelinkr\Irc\setname.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3276

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Bluelinkr\Irc\install.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:1152

C:\Windows\SysWOW64\taskkill.exe
taskkill /im BluelinkrServer.exe /f
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3584

C:\Windows\SysWOW64\taskkill.exe
taskkill /im Bluelinkrproxyauto.exe /f
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4064

C:\Windows\SysWOW64\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "SoftwareSASGeneration" /t "REG_DWORD" /d "1" /f
4⤵
PID:476

C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
BluelinkrServer.exe -install -silent
4⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3676

C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
BluelinkrServer.exe -start -silent
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2860

C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
"C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe" -controlservice -slave
5⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1800

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 1 -w 100
4⤵
- Runs ping.exe
PID:2120

C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
"C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe" -service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:988

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c8eccdf562fc41118fb56d72a90e0fb5 /t 3224 /p 3276
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkr.ini
MD5
3f31c9b075e25f73a679bfe65f3aee3f

SHA1
1f0ee097fd1ea920daf90f60b17fdaa02c81299e

SHA256
c4baa97c28c213144a546a25dd2ad3d168c9a7c3becfb312bd13a929ace861b1

SHA512
ca401a1db8e90f8fb69936009f5f50ef8e96f491a9c61cb6935d41ff48c03e6c821bb145aa1e187ccd23e77bcd15643817969f9c5ec382f7f9de8b8368941014

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkr.ini
MD5
3f31c9b075e25f73a679bfe65f3aee3f

SHA1
1f0ee097fd1ea920daf90f60b17fdaa02c81299e

SHA256
c4baa97c28c213144a546a25dd2ad3d168c9a7c3becfb312bd13a929ace861b1

SHA512
ca401a1db8e90f8fb69936009f5f50ef8e96f491a9c61cb6935d41ff48c03e6c821bb145aa1e187ccd23e77bcd15643817969f9c5ec382f7f9de8b8368941014

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\BluelinkrService.dll
MD5
27dbb1fec517635721ba6a13e91b60b2

SHA1
6e3823cf8ae6b6fc10570e8fc76c107004fc989a

SHA256
054905d717f149b730d63caf6ca1cc2cdcd9d4f5891ffccbd41f0a59a674f350

SHA512
b517dccc9b63d941577e5f0e0e8492b9a1ddd312ce35c72fd8c31a3645d462820cc78bbbf180967abeec04772bd3940b337162240f07c88ccfbca116dc5b16a1

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
MD5
bc7848c0c1539e660657c137f18eecb7

SHA1
ffeddf0da11f70a99980599e88bd77c02ec2a132

SHA256
7c109a43bf859024faaf50c3fa6841478c2d47b7768cf13521d2cd927b402698

SHA512
5a3c75d12d0127e96b729b79dc5f4aed4c7b859eb52eaf717fd51108005a32a5191ac6c87db75497f6219d400753635f196e6e56edb6af448a69dc12721f1c0a

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
MD5
bc7848c0c1539e660657c137f18eecb7

SHA1
ffeddf0da11f70a99980599e88bd77c02ec2a132

SHA256
7c109a43bf859024faaf50c3fa6841478c2d47b7768cf13521d2cd927b402698

SHA512
5a3c75d12d0127e96b729b79dc5f4aed4c7b859eb52eaf717fd51108005a32a5191ac6c87db75497f6219d400753635f196e6e56edb6af448a69dc12721f1c0a

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
MD5
bc7848c0c1539e660657c137f18eecb7

SHA1
ffeddf0da11f70a99980599e88bd77c02ec2a132

SHA256
7c109a43bf859024faaf50c3fa6841478c2d47b7768cf13521d2cd927b402698

SHA512
5a3c75d12d0127e96b729b79dc5f4aed4c7b859eb52eaf717fd51108005a32a5191ac6c87db75497f6219d400753635f196e6e56edb6af448a69dc12721f1c0a

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
MD5
bc7848c0c1539e660657c137f18eecb7

SHA1
ffeddf0da11f70a99980599e88bd77c02ec2a132

SHA256
7c109a43bf859024faaf50c3fa6841478c2d47b7768cf13521d2cd927b402698

SHA512
5a3c75d12d0127e96b729b79dc5f4aed4c7b859eb52eaf717fd51108005a32a5191ac6c87db75497f6219d400753635f196e6e56edb6af448a69dc12721f1c0a

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\Bluelinkrserver.exe
MD5
bc7848c0c1539e660657c137f18eecb7

SHA1
ffeddf0da11f70a99980599e88bd77c02ec2a132

SHA256
7c109a43bf859024faaf50c3fa6841478c2d47b7768cf13521d2cd927b402698

SHA512
5a3c75d12d0127e96b729b79dc5f4aed4c7b859eb52eaf717fd51108005a32a5191ac6c87db75497f6219d400753635f196e6e56edb6af448a69dc12721f1c0a

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\HTMLayout.dll
MD5
19660f7dcca5176b0640b2b677e9cb08

SHA1
00d181acb9e07791bb05aabb91b1efbe45ac9f1f

SHA256
fbce41fabb06aba7c07cd0f1c47460a767b580c96b8fc1ec6739b752b2d7c0ca

SHA512
ffc841535c3ad99ae682cd63f4c33fb24d39d9a222d5ebd44053a59bbdfdca413d86da6b392aa6a64ebc38af72527011d6f8d95a0e4b90e324972e19441ad0e0

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\install.bat
MD5
04f559f28d6a9326e4a8cc40a86b329d

SHA1
a8706c6a489a3ff91a8a5f8cc8c7460d063655be

SHA256
c9da6208ec63e2cb9827f5ae4b6fcf45d14e8c48ac19b34e371e3077db86b853

SHA512
4b0b435b1e279486c5de9bc57458d7cb8b39f1cf2b945ebab6da38cb88574aca8e018beebbe357b2c275d19fffbb8dfaf219de74e39b51267684449913fe2823

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\setname.exe
MD5
787840101b0cd50716f4805bced1faa0

SHA1
71e7ca88c5f7b5aa257c332703d2ffeed994d22a

SHA256
f407ae3e683bd1d00078278881ad0f44e86130f5d4f15fb36a026ec96e95e55e

SHA512
82838f9f4d311ae98031e9efb72da697fae6a860933f9d9cedd884d515e3f697c47060566f8044bb176bf48a8eca5ec06730a9561a37b3c0447377ce2f5440c0

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\setname.exe
MD5
787840101b0cd50716f4805bced1faa0

SHA1
71e7ca88c5f7b5aa257c332703d2ffeed994d22a

SHA256
f407ae3e683bd1d00078278881ad0f44e86130f5d4f15fb36a026ec96e95e55e

SHA512
82838f9f4d311ae98031e9efb72da697fae6a860933f9d9cedd884d515e3f697c47060566f8044bb176bf48a8eca5ec06730a9561a37b3c0447377ce2f5440c0

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\ui\back.png
MD5
51c2e465dc63554abdec6c51251f2a19

SHA1
6bbad8c1944b6b6fce93815c77afdff339348134

SHA256
3094a0489848874c1837d01a812396106412bf10df767ec10492fcefd2cfbdaf

SHA512
021eefb5b6e0d94e79d3a1a61ccc06ad5cdae1ea0c8a3dde4648c1689da21b219af6d88b49a27c229c39b9313d11711beaefc1c74fb8852f4415ed5a72f59a33

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\ui\close.png
MD5
a02411fe39a126f07f3203cd285bab1b

SHA1
1131bda594b60c63ac15f0d0007d2ca4688daa56

SHA256
3587870c3335581b1f96a010c291c1e4457b8ef0b6ed3c945288c88058f6b31d

SHA512
3c8eea43eaaaf1e97552ce4e8531f96958182fab404fbaeecc2cb6c9ec4a660ecd64d3966fa95193de46984f8382297c02684c37b899e6211192e6bd3e98c496

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\ui\minimize.png
MD5
be10f697f00fdedaf18e169cd5faa69c

SHA1
bafc0fe42870389b8f0f0fedc40b3bc2a57a3c10

SHA256
eff575cb4a939ec65e61c48c3b443a159e8b2aea41655fbc740e01331e76a984

SHA512
a3271c8ce918f9958618655e31114a3eac0e7a31804ad8a83f0844f749007eb803f5bb3f720e91b651fda8c48c98788d43ad9384b52e6f616163bcc12c58964f

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\ui\msg.htm
MD5
3deddd1c0ccedc38858d8930c2b7960e

SHA1
577b4e270bfbb77c7abe71b8bf0c5bcd96a93cff

SHA256
df7b17ea71e30ca9e58e829411050e3ab8f13c676d0f4a03a7af569eaef008dc

SHA512
65f07c0171f1fb8f553a0bf0292871c524b5296132d999736c4aa68a6f35543e59de33ee66c8c5a73a30d156012f10a58d95ba62919a710855b88188e26df6ab

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\ui\newpass.htm
MD5
026bb0ce09ce2ca8e9e69cd0ba9058f0

SHA1
b31364f23334b2680d40d89aba061888ca9bd4c9

SHA256
d6ddaa392e6978b6fd8354a8363e12c8b9623dbffe3820175be4f73ebb832222

SHA512
61f223d6b80946124fa770879cebfb329fdd79b02e5de98e9e2f0ccfcb4ddc2aae1a2001d6df1d7d5d069836f1a02b8c1a9c0af20e0a09d7896f662133e28121

Download Submit
C:\Program Files (x86)\Bluelinkr\Irc\ui\titlebar.png
MD5
6661a793bda035249ca04bbfdc27dd86

SHA1
172144308e0cdf37c8068c1cc61d671a2d1d1edf

SHA256
35cefd888cb072d0c473f611d05bc6bc7c30f59ecdc298a1f8a4d279d450147d

SHA512
be4eab1cf556544500c6d2e12ef99d22e88084f0cfc34cbd1a428bc4811d2613a045e35c847d854bca4d16d890ac3119eea00b47dc71ae750b2c1419cda1264f

Download Submit
\??\pipe\BluelinkrServer_Service_Control
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Bluelinkr\Irc\Bluelinkrservice.dll
MD5
27dbb1fec517635721ba6a13e91b60b2

SHA1
6e3823cf8ae6b6fc10570e8fc76c107004fc989a

SHA256
054905d717f149b730d63caf6ca1cc2cdcd9d4f5891ffccbd41f0a59a674f350

SHA512
b517dccc9b63d941577e5f0e0e8492b9a1ddd312ce35c72fd8c31a3645d462820cc78bbbf180967abeec04772bd3940b337162240f07c88ccfbca116dc5b16a1

Download Submit
\Program Files (x86)\Bluelinkr\Irc\htmlayout.dll
MD5
19660f7dcca5176b0640b2b677e9cb08

SHA1
00d181acb9e07791bb05aabb91b1efbe45ac9f1f

SHA256
fbce41fabb06aba7c07cd0f1c47460a767b580c96b8fc1ec6739b752b2d7c0ca

SHA512
ffc841535c3ad99ae682cd63f4c33fb24d39d9a222d5ebd44053a59bbdfdca413d86da6b392aa6a64ebc38af72527011d6f8d95a0e4b90e324972e19441ad0e0

Download Submit
memory/476-129-0x0000000000000000-mapping.dmp

Download
memory/1152-126-0x0000000000000000-mapping.dmp

Download
memory/1800-139-0x0000000000000000-mapping.dmp

Download
memory/2120-142-0x0000000000000000-mapping.dmp

Download
memory/2860-133-0x0000000000000000-mapping.dmp

Download
memory/3276-114-0x0000000000000000-mapping.dmp

Download
memory/3584-127-0x0000000000000000-mapping.dmp

Download
memory/3676-130-0x0000000000000000-mapping.dmp

Download
memory/4064-128-0x0000000000000000-mapping.dmp

Download