d069cc98d81da2a127a958a0f27929c2f4d28df190423231bd4403d0a2d5738e

Resubmissions

14/09/2022, 05:09

220914-fs6n4adahk 8

14/09/2022, 05:09

220914-fs459shcf2 8

11/08/2022, 20:58

220811-zr9h5sefg3 8

02/08/2022, 11:13

220802-nbqkjsebg7 8

Analysis

max time kernel
509s
max time network
465s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2022, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bad-piggies-1-3-0-en-win.exe
Size

26.9MB
MD5

e7cfb590d467514eae6071e3fe264c4d
SHA1

d5ba530239e3a9fb3af41468db606c6d10503d65
SHA256

d069cc98d81da2a127a958a0f27929c2f4d28df190423231bd4403d0a2d5738e
SHA512

bf9a2f7df2421f5c4530d62fe6f524b75d7d893d3e930005e67433ffafc998fe099379a10eaf93bf6dbc3e548213c5e61ad14820c88c4f5bb5ccbba0bff95849

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
23	1612	msiexec.exe
29	1612	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
4260	BadPiggies.exe
1232	updater.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Control Panel\International\Geo\Nation	BadPiggies.exe

Loads dropped DLL 15 IoCs

pid	Process
2600	bad-piggies-1-3-0-en-win.exe
2600	bad-piggies-1-3-0-en-win.exe
3480	MsiExec.exe
3480	MsiExec.exe
3480	MsiExec.exe
4992	MsiExec.exe
4992	MsiExec.exe
4992	MsiExec.exe
4992	MsiExec.exe
4992	MsiExec.exe
2600	bad-piggies-1-3-0-en-win.exe
2600	bad-piggies-1-3-0-en-win.exe
2764	MsiExec.exe
3480	MsiExec.exe
4260	BadPiggies.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level10	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level15	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level7	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level8	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Plugins\Common.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets15.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level17	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\System.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\2.0\web.config	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\mconfig\config.xml	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets7.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\Mono.Security.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets1.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets12.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets6.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets9.assets	msiexec.exe
File opened for modification	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\updater.ini	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets19.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets2.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\UnityEngine.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets0.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets4.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets5.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\output_log.txt	BadPiggies.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\updater.exe	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level18	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\mscorlib.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\2.0\Browsers\Compat.browser	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Resources\unity default resources	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\ScreenSelector.bmp	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets14.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\mainData	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level14	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level16	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\P31RestKit.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\1.0\DefaultWsdlHelpGenerator.aspx	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\2.0\machine.config	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets10.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level2	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level5	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets3.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level0	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\Assembly-CSharp-firstpass.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\Assembly-CSharp.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\2.0\settings.map	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\mono.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets11.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level13	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\System.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Managed\System.Xml.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\browscap.ini	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets13.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\sharedassets8.assets	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level11	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level1	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level12	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level3	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level6	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\level9	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Mono\etc\mono\config	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies_Data\Plugins\P31RestKit.dll	msiexec.exe
File created	C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies.gdf	msiexec.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE4D5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE7E4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{9524C306-CC16-44A0-82AA-996409D1A059}\BadPiggies.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\e57df06.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE0EA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9524C306-CC16-44A0-82AA-996409D1A059}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE65D.tmp	msiexec.exe
File created	C:\Windows\Installer\e57df06.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE197.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFEA9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE467.tmp	msiexec.exe
File created	C:\Windows\Installer\{9524C306-CC16-44A0-82AA-996409D1A059}\BadPiggies.exe	msiexec.exe
File created	C:\Windows\Installer\e57df08.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion\GameUX\GamesToFindOnWindowsUpgrade	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Software	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Software\Microsoft	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Software\Microsoft\Windows\CurrentVersion\GameUX	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Software\Microsoft\Windows	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe

Modifies registry class 23 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Rovio Entertainment Ltd\\Bad Piggies 1.3.0.0\\install\\9D1A059\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\Version = "16973824"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A148C9B28A3050442BC4BDC6CA6D2FB6	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\PackageCode = "EB24B15B924843F469A97E87C94E6839"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\PackageName = "Installer.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\603C425961CC0A4428AA9946901D0A95\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Rovio Entertainment Ltd\\Bad Piggies 1.3.0.0\\install\\9D1A059\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\603C425961CC0A4428AA9946901D0A95	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\ProductName = "Bad Piggies"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A148C9B28A3050442BC4BDC6CA6D2FB6\603C425961CC0A4428AA9946901D0A95	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\603C425961CC0A4428AA9946901D0A95\SourceList\Net	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4436	msiexec.exe
4436	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4260	BadPiggies.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1612	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1612	msiexec.exe
Token: SeSecurityPrivilege	4436	msiexec.exe
Token: SeCreateTokenPrivilege	1612	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1612	msiexec.exe
Token: SeLockMemoryPrivilege	1612	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1612	msiexec.exe
Token: SeMachineAccountPrivilege	1612	msiexec.exe
Token: SeTcbPrivilege	1612	msiexec.exe
Token: SeSecurityPrivilege	1612	msiexec.exe
Token: SeTakeOwnershipPrivilege	1612	msiexec.exe
Token: SeLoadDriverPrivilege	1612	msiexec.exe
Token: SeSystemProfilePrivilege	1612	msiexec.exe
Token: SeSystemtimePrivilege	1612	msiexec.exe
Token: SeProfSingleProcessPrivilege	1612	msiexec.exe
Token: SeIncBasePriorityPrivilege	1612	msiexec.exe
Token: SeCreatePagefilePrivilege	1612	msiexec.exe
Token: SeCreatePermanentPrivilege	1612	msiexec.exe
Token: SeBackupPrivilege	1612	msiexec.exe
Token: SeRestorePrivilege	1612	msiexec.exe
Token: SeShutdownPrivilege	1612	msiexec.exe
Token: SeDebugPrivilege	1612	msiexec.exe
Token: SeAuditPrivilege	1612	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1612	msiexec.exe
Token: SeChangeNotifyPrivilege	1612	msiexec.exe
Token: SeRemoteShutdownPrivilege	1612	msiexec.exe
Token: SeUndockPrivilege	1612	msiexec.exe
Token: SeSyncAgentPrivilege	1612	msiexec.exe
Token: SeEnableDelegationPrivilege	1612	msiexec.exe
Token: SeManageVolumePrivilege	1612	msiexec.exe
Token: SeImpersonatePrivilege	1612	msiexec.exe
Token: SeCreateGlobalPrivilege	1612	msiexec.exe
Token: SeCreateTokenPrivilege	1612	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1612	msiexec.exe
Token: SeLockMemoryPrivilege	1612	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1612	msiexec.exe
Token: SeMachineAccountPrivilege	1612	msiexec.exe
Token: SeTcbPrivilege	1612	msiexec.exe
Token: SeSecurityPrivilege	1612	msiexec.exe
Token: SeTakeOwnershipPrivilege	1612	msiexec.exe
Token: SeLoadDriverPrivilege	1612	msiexec.exe
Token: SeSystemProfilePrivilege	1612	msiexec.exe
Token: SeSystemtimePrivilege	1612	msiexec.exe
Token: SeProfSingleProcessPrivilege	1612	msiexec.exe
Token: SeIncBasePriorityPrivilege	1612	msiexec.exe
Token: SeCreatePagefilePrivilege	1612	msiexec.exe
Token: SeCreatePermanentPrivilege	1612	msiexec.exe
Token: SeBackupPrivilege	1612	msiexec.exe
Token: SeRestorePrivilege	1612	msiexec.exe
Token: SeShutdownPrivilege	1612	msiexec.exe
Token: SeDebugPrivilege	1612	msiexec.exe
Token: SeAuditPrivilege	1612	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1612	msiexec.exe
Token: SeChangeNotifyPrivilege	1612	msiexec.exe
Token: SeRemoteShutdownPrivilege	1612	msiexec.exe
Token: SeUndockPrivilege	1612	msiexec.exe
Token: SeSyncAgentPrivilege	1612	msiexec.exe
Token: SeEnableDelegationPrivilege	1612	msiexec.exe
Token: SeManageVolumePrivilege	1612	msiexec.exe
Token: SeImpersonatePrivilege	1612	msiexec.exe
Token: SeCreateGlobalPrivilege	1612	msiexec.exe
Token: SeCreateTokenPrivilege	1612	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1612	msiexec.exe
Token: SeLockMemoryPrivilege	1612	msiexec.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2600	bad-piggies-1-3-0-en-win.exe
1612	msiexec.exe
1612	msiexec.exe
4260	BadPiggies.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 1612	2600	bad-piggies-1-3-0-en-win.exe	81
PID 2600 wrote to memory of 1612	2600	bad-piggies-1-3-0-en-win.exe	81
PID 4436 wrote to memory of 3480	4436	msiexec.exe	84
PID 4436 wrote to memory of 3480	4436	msiexec.exe	84
PID 4436 wrote to memory of 3480	4436	msiexec.exe	84
PID 4436 wrote to memory of 4992	4436	msiexec.exe	94
PID 4436 wrote to memory of 4992	4436	msiexec.exe	94
PID 4436 wrote to memory of 4992	4436	msiexec.exe	94
PID 4436 wrote to memory of 2764	4436	msiexec.exe	95
PID 4436 wrote to memory of 2764	4436	msiexec.exe	95
PID 4436 wrote to memory of 2764	4436	msiexec.exe	95
PID 3480 wrote to memory of 4260	3480	MsiExec.exe	97
PID 3480 wrote to memory of 4260	3480	MsiExec.exe	97
PID 3480 wrote to memory of 4260	3480	MsiExec.exe	97
PID 4260 wrote to memory of 1232	4260	BadPiggies.exe	99
PID 4260 wrote to memory of 1232	4260	BadPiggies.exe	99
PID 4260 wrote to memory of 1232	4260	BadPiggies.exe	99

C:\Users\Admin\AppData\Local\Temp\bad-piggies-1-3-0-en-win.exe
"C:\Users\Admin\AppData\Local\Temp\bad-piggies-1-3-0-en-win.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\system32\msiexec.exe
  /i "C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\Installer.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\bad-piggies-1-3-0-en-win.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1612

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 515A1867C4DBA003D0F5CD6EE98DD250 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies.exe
    "C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\BadPiggies.exe"
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4260
  - - C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\updater.exe
      "C:\Program Files (x86)\Rovio Entertainment Ltd\Bad Piggies\updater.exe" /justcheck
      4⤵
      Executes dropped EXE
      PID:1232
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7378C4114C5A7DBCD2BB48AF1A39B789
  2⤵
  - Loads dropped DLL
  PID:4992
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EDCAA05539250DEB703CB0E0D3D04699 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:2764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d8 0x498
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\46DE64130271B61D13A0FAFD9465377C_84EBB610FC8D8EF3B7713A6E829172A4

Filesize
1KB

MD5
00553f99ebb070bae4f336b30e2a9819

SHA1
aa2feb0ff368b65ee04ee4e159d2f8bde0af6dbd

SHA256
a0fd30af95fae65fb40469f2820378cde38dc18a531f0a945e45d38a0e4b5e50

SHA512
ef5b88f39a78691b13a1688090b56b47a894ed4da511acf998e4e489fcabe95d4bfe9a045669c4c0cdde54804a93585d91eef7d077202ffade9d40a7e9410a08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BBB768C456D9E2DCD3EF595C400D483D_64C05B9EB32FC3D0CE6CB126561EEBFF

Filesize
1KB

MD5
b80bb8270a42c0be192d89d2099e5c8b

SHA1
d505e5dd07a533e9c802a0811229deec8d27968b

SHA256
e9d390097c7c371072d23f852724dae32b2ebe204585799e4c3d1379f106b86f

SHA512
121bda78c4ddb8ee7abb344ee9a192b39dd33e943ae734f45601dd75b2300a124c65fdbc1b72defce668c3233b0ba4bcfec302da63d0fb287ff32f20026ca295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\46DE64130271B61D13A0FAFD9465377C_84EBB610FC8D8EF3B7713A6E829172A4

Filesize
466B

MD5
e3e542500c6a72c3a363e3d782e5ae9e

SHA1
71269b00db13d89f3a104bd4b575753e1e476e9b

SHA256
9f0cc78a5b2e6fc183b64fade001a96f20bd2368cd645f622be41bf4aca20584

SHA512
611f8b66f33b5d9b989c990455405105619b4b28123acce4b7afc7ac4b24dae6e7ddaa27c3b80269f791a30d9c652f8e30db12f4eb6a0e1e6223d4fde79f5b7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BBB768C456D9E2DCD3EF595C400D483D_64C05B9EB32FC3D0CE6CB126561EEBFF

Filesize
444B

MD5
bec78d5d28fb72df24683eca85f65271

SHA1
b3aedf0a80224fbef71575c78b99a77661d553f5

SHA256
09c89fc8d87d6d25763c9a1b576fcca15d1aa9a88acc3e30f03664a369ad0a7e

SHA512
c75176e0b85995a20c1fadf2d3794ab1b61983b8b1bf4d2c6d7b8237084546c812d629b1743f4a51885569a1db4330a6a32c0bbbbd6289401c4eb4e59277b18b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB277.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB277.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB537.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB537.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB6A0.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB6A0.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies.exe

Filesize
9.5MB

MD5
e8de986785e24e4be2df659d0b809087

SHA1
b334e2ceab36b1f29d7c759cbe0b338050c6c8b3

SHA256
0a4ce4bbeb3615aa0344d7b892b3e860071e2fc860a82402bb1a2ca8e6d25a07

SHA512
f864d42a901c7063e71a4753f3d64d2cc28114c01e31dd8aaef341ba3278e8a36866c48506b31fd35f68ac33b1b22111cd6a3ea74ba9b57b86bd24fd8b68ed92

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies.gdf

Filesize
192KB

MD5
6dcc2320bfcda02b22c0862b1572e471

SHA1
255b3a7befcc9699476ed1fcb99b418c26538f5a

SHA256
3912f5cb0444bce1c690e37ab78a6d8ec9815f74127ab5c10ca0908f7fd0fd85

SHA512
4eaae805f69488a3611552cf9c36312bce1a3daebd437cad2a2b5879b8b6309b23d00f6ec4eeb1ef96f7a7038f224a98d67f33ead5044edd893dc8aa266209e6

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\Assembly-CSharp-firstpass.dll

Filesize
22KB

MD5
2014c1a762e25152d9a275bd838b14a1

SHA1
4565b5feb75b840537372fdfda6fb9ebcb3563a1

SHA256
149910947f7768193bc71d03b2eb960b2d737d963e0b122924c7a567092d879f

SHA512
23b06e8953e0765c0b95ad5b89cf3632bde9bf6d4e53fbb57e1e1552affb51cc5b752499fe71e42aa423864117c253b39f0f400c16cf0c854aa71fca09a1a576

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\Assembly-CSharp.dll

Filesize
602KB

MD5
5dfeafcf02267110622c14af11f00d2d

SHA1
751a01cab0ec083e456d6e58e80ea01298bd199a

SHA256
e18bbf86aab3763a6543c507a94ca53b61451facce186c6a5b5d87394574374b

SHA512
0f6fb62616c8b8a67ac80ec50e44fbfcbb285c678075f456047d353a2ce8469ade66e441231d37e159a8e640f7d667f82072b9593cc6c5849827bc51c3ce2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\Mono.Security.dll

Filesize
286KB

MD5
95c1cd2861f793433775148e1e841c6f

SHA1
99d40dc7685cac3f9aa8fdb56f5eb8baee6fbf93

SHA256
13a1a66056f93ba82923e802b1ab595f0f2da0ddfccdc312e0ebc7cd61bddd27

SHA512
3f234d072e915c138a02dd17c4a792020cd5f627695e0223dfbc5cfea95b53cb4ac7c9343947ab8ccf2f92f914b25ca0526e15b2b1c5df6397d0c829141cb189

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\P31RestKit.dll

Filesize
32KB

MD5
24189ad3d3b7456d983a11b22d09fc6c

SHA1
dd313506525223c6eb5742551aa8f4caaf76d368

SHA256
1d4f11db4e34dc06207e5260f7d86fbc90a7bb028f359dad952501b90e5129aa

SHA512
a5c3c1a773a77348707aba7fa6033ab57d34a63274c8d4bb655181ae266c4db89d5d30ab14ffc2769496646b69b9ac71074c8f6dc04554aa039bfed4ff8bec12

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\System.Core.dll

Filesize
262KB

MD5
7d058bedd08dd9e185d3dd76c3b50020

SHA1
265324e462a0d7fbd086b559427dc3a36c42dee2

SHA256
f694394a3e16c10a49e2ad066630e9d00789c3029ada81ff3dd6a6050054629f

SHA512
eecde97485f0dca9b8f80a49203b69e00641eec5a27cfd8307f297e764e502d5aa6f86d7f980e716907b8f95ef767c01e00d89a6cead6e8da31f9e4bbf1de7f8

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\System.Xml.dll

Filesize
1.2MB

MD5
5f2fc4c6f5ee80115cac06e760cea108

SHA1
36ee73fc45fe3bba542fa8cd88a8e980d01b9ea9

SHA256
053184d9afa42f1a454d5a1ffe17980379a329a1808a24f18b26c61560070214

SHA512
b26055d1ec6f2b69c569da84417d9b70390903486da0b7ae4fb2667e954c54a5543065b0c7011570178c19b4e6d258346c76aae6a96d384d9892a09848274dfc

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\System.dll

Filesize
1.0MB

MD5
9091200af3d06f8afa16f8ef4ccade00

SHA1
043f64e546e4e3530e60d87055fd5c2913915f6b

SHA256
33ea7a39c6a52f31be182622b2010cfd4eac296e2661a9ecf1fced586f889b9b

SHA512
2c83e6100d9f0f6274089fb935d98c7c5112704e5fb0cf6ac23685b348656d553d608d5ffe3f9488720100955a1cfd553f3451b9577986ec66221f81fda704d4

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\UnityEngine.dll

Filesize
485KB

MD5
7746daff94d9ad4ecb69999a5aaa18ea

SHA1
2474fdbd050379f46b62a1a6c11f11243e03b886

SHA256
36eaf3144bc51d7bb6e1f7913cb26c0d039fe250df56da4f56d68166c8e81f40

SHA512
6d8bf69992010cfdd80ec22f7b8d08f5bd3b28a7cb4b9b83439aaaa0c75f16ed4f5a23a000fed9148716548b76ab0a72bcc83bf0eb1800aac1fdbf410dce493c

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Managed\mscorlib.dll

Filesize
2.4MB

MD5
74eac6174cf25cf70310934b69e7ca46

SHA1
78be02356a20496fbd71d9ca7995aa7f3eb25b40

SHA256
34abc1b75de24cb13460bca3dce31020ed23b37d0fbcd7ca53ebbda234cf15bf

SHA512
c9384943a3d7e10195f130cca009432bb0961b1fe6d80644f95e0d25a1786ad3b6f652712c3870f76e4171d7509f08b20ff8eddb56173bd38e307608923763df

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\1.0\DefaultWsdlHelpGenerator.aspx

Filesize
56KB

MD5
66fed2411c14a0fc8ce4c593ef601bfb

SHA1
4680a34aae1193f1e4a6aac1a5dd3c307de257fb

SHA256
d87d5196b2ae2abf4e673315e1fd22c3a44df80192f23e89b78108579c287524

SHA512
331874a9956c87db0646e4d21937a88009804a59fdf5f5882ea5b1dfb7dd7ef17724e09877d98f52e7327bbf38a46dde0c54d5c85f1e860b88322bdfad64679d

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\1.0\machine.config

Filesize
16KB

MD5
8dccd9a98d2575162aa366224a983c08

SHA1
4eedcaa785182201857134d8432807bc30742f6a

SHA256
1ba3755323483de257587a7276180c65d96824d441f95feb28f819e77a0cf767

SHA512
96b6beb2bf56334ad5e7d0b95079107ce736b45011679bf9a2ecd295636ceb7f0748e84bdebfdde37cfe45ab28716e4cc5fe2441e986777369a319cc0c5ecfc5

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\2.0\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
3b3452c399f27a24ea5a589c7bfe750b

SHA1
b06cb1d09ad3bbdf1d8214c910e3da2a228d113c

SHA256
ae044cd9cc2c7c42f8864195125ab440472d657e5f0d55e131f7890bd45c518a

SHA512
41c099350159e942be8bc04c8f59c7fb0fd4bd99db46f1c0158f0fa053c08ae0c73e9d169f6816b77376283cce5beafdcfe5d3d5e3b98e8b358d67c34b954a04

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\2.0\machine.config

Filesize
26KB

MD5
603173d56ace47a2d90b87ffbc3bfa91

SHA1
889d20428d2f8a60f7aeead5d0da4009200e5365

SHA256
2d2fccb3f1afe931f7f4df289caf9fcfa31578b4fb4e1f610d3530832848e70a

SHA512
7b8b8073ebae8a31605ab127e2549a013f59da5d4de0fba933aeca7119cfc937111e48a2354e41c794dc0082b6c08ad50724ae806fde8f95a946d55d2ebdb7f5

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\2.0\settings.map

Filesize
2KB

MD5
55dac562878b7dd98ee8a7ad203a26e6

SHA1
d16baa15e7d3042bcf9d7318209c696f4daf2cb0

SHA256
ca89036b7d7f1ae9311a6a2fbcf05fc5b997bd43fd21dd54e11c18018ef65f08

SHA512
987c5cd86a9825953de670e5c15404694feb15cd5fa9afa8af4c2d5bda9d805839c9695d44122b32e0ffafe08d720c3df58000e89c8822fd9a5eb28eaf2ad478

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\Mono\etc\mono\2.0\web.config

Filesize
11KB

MD5
2b6303c4f12762b71051db6e947f90a4

SHA1
a4d7e05516f63d6ab67327b299d4fb2852cb840b

SHA256
3c1a76a5849074b437d297656a208a3bef6d84b982153542b9c797046c601dfc

SHA512
80f5da60654e1851ef21526e434b32d94e18883a08bacbbaa0e1f85b80469c46510b6ddb9b429f16cc4be89c6f2bb2627bbae9cb1d0c7e45b665efb7721c6d86

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level0

Filesize
168KB

MD5
ba96484e8c6698f3e8afc9e6cb332298

SHA1
394bdb0a12126e7a03b8fab4fd4e84ef0f42c577

SHA256
c4b9b70a12a60dc188a39b78d80306d8bcddc73ef33f8c4c680675afc1b02e66

SHA512
eaa7a62b1fd4a00e923117180222ae23181b7ebdbf03aff516a2c70fa08b7301da4022249ec93b6e4ee56f00d5b498a6cf1949d0af154d731babed7a4ac43547

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level1

Filesize
6KB

MD5
d730289853f031b047b5662d510c559d

SHA1
fa91730c86cc44e4225db1bb0d71f2300666d06a

SHA256
ee73d6d48827958cc1b3be2cec1c22178d99d8bcd661739eda497882cbc027f6

SHA512
798ec952c99d7e85d745c3e0ee92474bcf383799889321d561437471f8fb5a30d0bd17a5ffeabdf93693267b1fe37417fa38aaf631dcd6686ca6ab27db907bfd

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level10

Filesize
49KB

MD5
265acf1cbd2b45e26d5c25f4ec189bfc

SHA1
5a655b9d4ec8335f06c7c8810f5b95701378089c

SHA256
32cfe17b6de4c1d72bb1dfb5acdaf175ea6221796daf1931af3f5c611685f8e7

SHA512
db8379b50ab5e574884858045472969100198f2a9119120093ba6b568a60cae0d429f82b85658d1eedc7e6edf92113b5a09744aa28153fffca066ac9789623a1

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level11

Filesize
47KB

MD5
234e17498c2ffe7475ea81230308d181

SHA1
2b4a32d5e687941c53114cb439624e94be095fcd

SHA256
5f0df1c62fae253bb76f6b05417d998ab954896f34489d5ba383050de22101bc

SHA512
da79fdd2943fd928f5d6ae40105136696c86bc76d48664e62c9b10ddcb30be62f446e3b44d6453966f52654552c64c0b18f2cf0bbe17878bd7a9df5f942c20ea

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level12

Filesize
8KB

MD5
876a5a27ee84f20e6eeae3e1b7cd6810

SHA1
c9ee3b577968130609fb64e056256ec22da32f95

SHA256
a8eaf9e4443158df8ea12c92baa9e05fb5063d70ec82eb2c9e9a8d9ef4c29384

SHA512
2cabb68e1a5a801b4fc85741dc2cf11652929e282081d30984b46bab441b65569c5b9fd3b55327fda941cf467802da550bfaeef23c0dc304f7cd1d65c946453d

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level13

Filesize
12KB

MD5
8fc0da9cdd09d263b04a8918168d9b97

SHA1
d3e2e2ad06312171ab94b984b15af0fc84807899

SHA256
e4805814789a4182e2c4a923f8ccfbe72cfcc6ad7a9cedee36af52341a8fb520

SHA512
a281cf7023a64145a8418d66a9c5ef80920ecac6c11dca2bc42afc6f7ea7560c71c8a3c768b032aaa3443658aec69c130a45e4863a825f2ee058dbcfe797033c

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level14

Filesize
173KB

MD5
c31780e7809c25dfdef2ee6fdbc8fd96

SHA1
b0d0e60ca60c9e8b9facd413bdea573becb64902

SHA256
1e5475576d4b03554add7cbd04aa2413a8ad8c613df8e2feb0ef9b1856f7838c

SHA512
f27cb692c36ef0800eb044148e10bd009472bac7ceb45c80cc6ad4e36d5f7c4ba0a7528cf7521a751554d1d78ebe40f2f3b3cc4ad7d7355a323eb47bd7843518

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level15

Filesize
195KB

MD5
c8e757b1762ba8a5226a52e7ed5c708c

SHA1
214d88f5447e58f6c7b5e9c7dfa4562b91233513

SHA256
4eb36c89595c70c2b68031a77d0fa6d22f5648e4bc4039b0fb73d14a4f8a2a8f

SHA512
bf76e138b9a7d3086f871de6efde9b04d433bee24f853992ec9dfc60124aa30f12fd8ba2a7a8736104058778a08f7cc65bcc2793d7809937f3a0dab50f0e20ff

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level16

Filesize
5KB

MD5
6fada80b12e0b99e7bc83ce323aa17d2

SHA1
849f6b325a919c7909d98dd7dc83adcdb7b1ae44

SHA256
94c8a4b7f8f4dfe94d4810b2133e64644d8614f1833714de69301303d02cb3a0

SHA512
cf5c8a5d8d602d7b2742cd160293257ba993c3a18c7c1d10c61df5590578989af14d6028d9fb1a9a7d3689d27fca5153e17c2de1212ad2673f3afaa59a642a8c

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level17

Filesize
6KB

MD5
774f6efd5de09d1f79954ceff580ab31

SHA1
786845cdb959332c18f5142ab74d9c10c8e480a6

SHA256
52d8f32c0495cc071d9f35a0eb1a823fa5d0bb1c110cfa128599823dd7eeefcf

SHA512
a55c309f17a281ae5caf597ae888f92c6a3d8ad7fc8e52d7ae8a2f5534a878f863a079ef1dc6da035046499dbfc206c313470c0d985610492968f51b0236447d

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level18

Filesize
7KB

MD5
c7bf2d7927e7010efa0a5ca48486caf5

SHA1
85fc80317ac90b01667c460ba50f15d47c2fb8a0

SHA256
60b3064fdf590205909e03e9d22a307737836bac8606572af28885000a2c553e

SHA512
334f6f28860e078fc384c51f3dd364a2890d8b3c7206896625e6c3852ff0913fb05df342f3ed8cab8b202c9bf18eeac0d782e6697303a523315f5e02ce175291

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level2

Filesize
8KB

MD5
4f7850f458f0ccbf7f97ee863d6b47b8

SHA1
ade1eee9d27c8b41e30d98fe21f8fa045dd254ec

SHA256
06906c65025056187bdf144d442c73eb2ceef836f1e93fda7cf7b85f681b438d

SHA512
718e71b942679435732b38f7b2f4d401e592404d924d387a721a5f4ba3ac026a600652acccd96e66e1885530e0ab26d0083bbf5e53c74afc7475c32ee3cabb8d

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level3

Filesize
6KB

MD5
700e63f062ddc3d8775bd688ab86115c

SHA1
db1e3971b393f69617164b0eb04c6e4c09eb64ff

SHA256
20e36125e62d30372519ea58e1681bb00106da147654ff6d1bb9d37cf06ffd86

SHA512
f64f4d49f089f566be5e9d94c9fb0e0de207fbb52d2d2a75937f84b27671f98353f202421670ba587e1be12fa79df089603d0faa8313dfa331327ba43538dd21

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level4

Filesize
8KB

MD5
eb85b4f962d8c455f8bf99ba90b38faa

SHA1
8a0b3d55c89dbec991d86623f12c19d296d258bf

SHA256
bd4db4abc898c9bcefc3d4856c6fca3d67960c89826de808271f2e86ce0e7049

SHA512
23c6f7538e7cdef2a4f1deb00fff4a445141d7993e06d62b8c1a1a43ad958d265000c6bf9c26a8b9e255822232e43f582df17d7deac360c08583c440b40eb587

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level5

Filesize
6KB

MD5
1259d9ede85b20f05b9ebae7603e10f7

SHA1
519181331b26616cde4828296ebfb7637a6db30a

SHA256
421bcf9c23e32729fd21b7a0834a99a554b98777e785d76c78c68df7098a9696

SHA512
6b52a95881a0af4539cc26dace7496b0f76ef0a01902c5e7df981316d55016a720ee4bc21bfbdbc4b8ac6bafda24e4f0396887c98f37c4196d447e4ed1703724

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level6

Filesize
7KB

MD5
8dbf22e272dfb394ce4367e6be26fed4

SHA1
652bb41e95c623df1d9bf0de5dea71cb5a455351

SHA256
e876eb92264bb3b81be6c5892515fe48e6963fa706fc7807693102e4c3f0df83

SHA512
9754adecec4fa04d687e6c5fb782b3b34d76e07537b57ffd51db24abfc57406a9bc311bd0795e035bac0e3766d4b1ceff7cc27b9a4bab1fc650246c922a2de54

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level7

Filesize
4KB

MD5
ff947283bb8427b425440253e4631022

SHA1
04ab34181e71a18a7f72621ae4bd80272c527938

SHA256
8de62f1e52a24421846e5e69c8de14011604caddabe5359b014b8b37878f9e37

SHA512
22514be08282f6dd16469486dc1ff7f51129633ec3864be8a3e3fded6113c9e2c65856b30c1f3048077ca29d123fcbac6b70ca03fdde09bf739eaf6db50397b2

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level8

Filesize
102KB

MD5
a008dac012908acbfd666335b4d5798c

SHA1
ed082b0196569d99a8c324779ca94aea1e978ce3

SHA256
187e5cc439f43f94d696f05e08b7b933386ed3882003ed899eaac0a9339757c3

SHA512
de12addf719bb7c135d0183e009b73929e5209b7096fa321d9e7caaa8626f845cbf75a6f06bd5a2acd3b92f5079cd7248c3b149db6878af67223c1040701c6ae

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\level9

Filesize
122KB

MD5
0c5148c079965ff0ffa9e80cacc76b53

SHA1
d06627b25e72b9b89efe543ad623dc6f59f44efc

SHA256
ede4841d027b1c870406fd65188660a65e885bf6701caea0ab664fc35f319d2c

SHA512
435f0a5a2620748fb9ff19df3bd72ceb4fd36c42a61756fd82ff6bb534b47b26f4a5dd136f9557276aafce8ce92abf69893a72ee903f928351d546e41065d485

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\BadPiggies_Data\mainData

Filesize
78KB

MD5
f951c67b22d156151125774a178b45c0

SHA1
1bb4ccc203cab28202e025607a662db9d78a3461

SHA256
1c88e3013db929fd7ebb1f3bd4cc044dcba4e19552f850f76276d38c26d2def1

SHA512
ac02a843d4572db295d8e15e3c599ece7132a5b7dc30add8eaa73d2922d910a4c4aa6b14c241245445ab9c184f01a2680d4fcd1594d1234a32573e6c2abcb5f4

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\Installer.msi

Filesize
963KB

MD5
28f5b2639aa751eb175fe3ccf989ecd5

SHA1
38f98d6a25660fc3d4c28b48537d38e792e4eaa6

SHA256
a3683613d47a5d9e64725c34dd5c8ccf27134a834c8403df8d9ec1f92acdc128

SHA512
05e6d0c880412580e9132def3ebc556acd22a8726e60e9ddc197e5bb47d7aac11f9b10ec4b511195391189158b234835ed88eb5b125cf39ffde75304f2abd388

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\9D1A059\updater.exe

Filesize
311KB

MD5
6c971aa656d8e7d9864664af294f211d

SHA1
2e1a138cf15c81010e7cf45989bfa42a2c2567ad

SHA256
dea1369587624f1373d9084fcb65179848d14a41e958baa6f30e98d5fb4c38fd

SHA512
e486a113b110f80fa090cb94d2bda7f000cd21160254aeafbdb342bb25c238b35a205a4efc2266ae1320cf6d601c97aee6ddcb4faaca2e6b7a3b976d17fb037c

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\decoder.dll

Filesize
120KB

MD5
7fe03d84ca384aa478bcdf4ba3558983

SHA1
e7bf3412cb9747a4bf92639a9290a70642f0fd6d

SHA256
25c027fa14602412c0692c619e5e6b696a5ddaa4577364989a098fb7605feb6f

SHA512
6d71103cd23c791fe82dab15ae4786a2ec13a98dfcb3120a4f22a6eaf31d07a58d54c8d501e1ecc52cd4031dfd484eb5cbaa6138476166050ca123f381aa3e35

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\decoder.dll

Filesize
120KB

MD5
7fe03d84ca384aa478bcdf4ba3558983

SHA1
e7bf3412cb9747a4bf92639a9290a70642f0fd6d

SHA256
25c027fa14602412c0692c619e5e6b696a5ddaa4577364989a098fb7605feb6f

SHA512
6d71103cd23c791fe82dab15ae4786a2ec13a98dfcb3120a4f22a6eaf31d07a58d54c8d501e1ecc52cd4031dfd484eb5cbaa6138476166050ca123f381aa3e35

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\decoder.dll

Filesize
120KB

MD5
7fe03d84ca384aa478bcdf4ba3558983

SHA1
e7bf3412cb9747a4bf92639a9290a70642f0fd6d

SHA256
25c027fa14602412c0692c619e5e6b696a5ddaa4577364989a098fb7605feb6f

SHA512
6d71103cd23c791fe82dab15ae4786a2ec13a98dfcb3120a4f22a6eaf31d07a58d54c8d501e1ecc52cd4031dfd484eb5cbaa6138476166050ca123f381aa3e35

Download Submit
C:\Users\Admin\AppData\Roaming\Rovio Entertainment Ltd\Bad Piggies 1.3.0.0\install\decoder.dll

Filesize
120KB

MD5
7fe03d84ca384aa478bcdf4ba3558983

SHA1
e7bf3412cb9747a4bf92639a9290a70642f0fd6d

SHA256
25c027fa14602412c0692c619e5e6b696a5ddaa4577364989a098fb7605feb6f

SHA512
6d71103cd23c791fe82dab15ae4786a2ec13a98dfcb3120a4f22a6eaf31d07a58d54c8d501e1ecc52cd4031dfd484eb5cbaa6138476166050ca123f381aa3e35

Download Submit
C:\Windows\Installer\MSIE0EA.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Windows\Installer\MSIE0EA.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Windows\Installer\MSIE197.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Windows\Installer\MSIE197.tmp

Filesize
70KB

MD5
c21c03a2f0b88b9b76b1e43c6477be8b

SHA1
0bf4c242a4530b6994d5eb6d03212c668f4596c7

SHA256
65247f299c9f78c9041087df2e043e469295146645120c721629f9e048a3e378

SHA512
b678e34e2bb6b049bee1827d7b7b78c4ed6204b4ef7c23a12c43c5c0c566d9cbfd0bd177016bca79d63b1394bf0dcc1b32e98b423a2d23b5d5e3a4f05775add1

Download Submit
C:\Windows\Installer\MSIE4D5.tmp

Filesize
269KB

MD5
b755e87f91de68178bc09fc2a5b4d7f4

SHA1
662204fde395574099e661daffd6550875e10eb2

SHA256
77aede394fc1f87ad7e3dc4145be5e751e202c24abceb332c477ee7a2aa26ec9

SHA512
e1252da0ea85734325ede120063f3b415b19f6841afe09259069b82d36fb78a79de45e706dfac1b7e957e38b8cbae71a1991e8b3485fffb1cc207e16936ad23a

Download Submit
C:\Windows\Installer\MSIE4D5.tmp

Filesize
269KB

MD5
b755e87f91de68178bc09fc2a5b4d7f4

SHA1
662204fde395574099e661daffd6550875e10eb2

SHA256
77aede394fc1f87ad7e3dc4145be5e751e202c24abceb332c477ee7a2aa26ec9

SHA512
e1252da0ea85734325ede120063f3b415b19f6841afe09259069b82d36fb78a79de45e706dfac1b7e957e38b8cbae71a1991e8b3485fffb1cc207e16936ad23a

Download Submit
C:\Windows\Installer\MSIE65D.tmp

Filesize
191KB

MD5
641deb3339387c65007fd607962cc891

SHA1
3a95ff1db5c55e802b5f754435a6697871513d4d

SHA256
8f010a871683836ce1e71777173c34e50e92c2d8410c7c130774ab1f317f6f74

SHA512
3d96290450123bcc9d7fa3b748492a47f875802b62a18e7f183d90a80640b632772f9b966ea6295c2aae60919f8e8060f311fae8efd786e26b86d294deea0550

Download Submit
C:\Windows\Installer\MSIE65D.tmp

Filesize
191KB

MD5
641deb3339387c65007fd607962cc891

SHA1
3a95ff1db5c55e802b5f754435a6697871513d4d

SHA256
8f010a871683836ce1e71777173c34e50e92c2d8410c7c130774ab1f317f6f74

SHA512
3d96290450123bcc9d7fa3b748492a47f875802b62a18e7f183d90a80640b632772f9b966ea6295c2aae60919f8e8060f311fae8efd786e26b86d294deea0550

Download Submit
C:\Windows\Installer\MSIE7E4.tmp

Filesize
269KB

MD5
b755e87f91de68178bc09fc2a5b4d7f4

SHA1
662204fde395574099e661daffd6550875e10eb2

SHA256
77aede394fc1f87ad7e3dc4145be5e751e202c24abceb332c477ee7a2aa26ec9

SHA512
e1252da0ea85734325ede120063f3b415b19f6841afe09259069b82d36fb78a79de45e706dfac1b7e957e38b8cbae71a1991e8b3485fffb1cc207e16936ad23a

Download Submit
C:\Windows\Installer\MSIE7E4.tmp

Filesize
269KB

MD5
b755e87f91de68178bc09fc2a5b4d7f4

SHA1
662204fde395574099e661daffd6550875e10eb2

SHA256
77aede394fc1f87ad7e3dc4145be5e751e202c24abceb332c477ee7a2aa26ec9

SHA512
e1252da0ea85734325ede120063f3b415b19f6841afe09259069b82d36fb78a79de45e706dfac1b7e957e38b8cbae71a1991e8b3485fffb1cc207e16936ad23a

Download Submit
memory/4260-201-0x0000000003D10000-0x0000000003E10000-memory.dmp

Filesize
1024KB

Download
memory/4260-202-0x00000000043C0000-0x00000000044C0000-memory.dmp

Filesize
1024KB

Download
memory/4260-204-0x000000000068E000-0x0000000000693000-memory.dmp

Filesize
20KB

Download
memory/4260-205-0x000000000068E000-0x0000000000693000-memory.dmp

Filesize
20KB

Download
memory/4260-203-0x000000000068E000-0x0000000000693000-memory.dmp

Filesize
20KB

Download
memory/4260-206-0x000000000068E000-0x0000000000693000-memory.dmp

Filesize
20KB

Download
memory/4260-208-0x00000000043C0000-0x00000000044C0000-memory.dmp

Filesize
1024KB

Download
memory/4260-207-0x0000000003D10000-0x0000000003E10000-memory.dmp

Filesize
1024KB

Download