Analysis Overview
SHA256
1d50b5d5916f071cbb2205c9e4e164b83b37f249ad90b8d2aa3a984989331bf5
Threat Level: Likely malicious
The file genymotion-3.8.0.exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Modifies registry class
Gathers system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 14:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 14:06
Reported
2024-11-13 14:08
Platform
win7-20240903-en
Max time kernel
39s
Max time network
41s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\tools\adb.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\tools\adb.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\tools\adb.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-3F7EA.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\images\is-39RNQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtLocation\is-Q8SSB.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\dialogplugin.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-TUBTM.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-0UDUR.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\is-OP75Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtLocation\is-KJ511.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-500R3.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\Qt5SerialPort.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\platforms\qwindows.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-ABEB6.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-BLO6Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\images\is-3DSC7.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-GS7TV.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-6CMDD.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-NIJAL.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-2GRRP.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\Private\is-LTDT3.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\is-NSM66.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\geoservices\is-CS0TF.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\Qt5Gui.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\tools\AdbWinUsbApi.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-DBD8Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-ETHAG.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\geoservices\is-RHRIV.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-F0C67.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-JTK57.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-F9DE1.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\images\is-V014J.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-5C59P.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Templates.2\is-86591.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-M2GRV.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-3JSMJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-FN9DC.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-AKCVN.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\is-2PUTO.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\firmware\is-3CIEI.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\Qt5Svg.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-TNFCQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-CKCVC.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-V65S0.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-B7JGL.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-6C6MU.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\is-C62IP.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\keymaps\is-PBHFM.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\completion\bash\is-0T0NS.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\qtquickcontrols2imaginestyleplugin.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\is-F5M9O.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\tools\glew32.dll | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\is-ERC2D.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\firmware\is-49PND.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\translations\is-16EHG.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-8FLS4.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-C95SG.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-RJDRV.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\is-SHBAA.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-CPALC.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Desktop\is-SO9A1.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-NITVL.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\is-C111N.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\imageformats\is-FU1U5.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\geoservices\is-IFV1G.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\mediaservice\is-0TP1M.tmp | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Genymobile\Genymotion\tools\adb.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe
"C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"
C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp" /SL5="$40016,105396162,1027584,C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"
C:\Program Files\Genymobile\Genymotion\tools\adb.exe
"C:\Program Files\Genymobile\Genymotion\tools\adb.exe" kill-server
C:\Windows\system32\ie4uinit.exe
"C:\Windows\system32\ie4uinit.exe" -ClearIconCache
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:51215 | N/A | tcp |
| N/A | 127.0.0.1:5037 | N/A | tcp |
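Both endpoints are loopback. 5037 is the adb server's default listening port, and `adb.exe kill-server` (see the process list) talks to it with the `host:kill` service request; the 51215 endpoint is presumably the client's ephemeral side of that same connection, which is an assumption since the report only lists endpoints. The block below is an added example, not part of the report, showing the adb smart-socket framing that crosses that connection: four ASCII hex digits of length, then the payload, answered with `OKAY` or `FAIL` plus a length-prefixed message.

```python
"""adb smart-socket framing for the loopback traffic in the report.
Added example, not part of the sandbox output."""
import socket
from typing import Optional, Tuple

ADB_SERVER = ("127.0.0.1", 5037)  # adb's default server port


def encode_request(service: str) -> bytes:
    """'host:kill' -> b'0009host:kill' (4 hex digits of length + payload)."""
    payload = service.encode("utf-8")
    return f"{len(payload):04x}".encode("ascii") + payload


def decode_response(buf: bytes) -> Tuple[str, str]:
    """Split a server reply into (status, message).

    OKAY may stand alone (host:kill) or carry a length-prefixed body
    (host:version); FAIL always carries a length-prefixed reason.
    """
    status = buf[:4].decode("ascii", "replace")
    if status not in ("OKAY", "FAIL"):
        raise ValueError(f"unexpected adb status {status!r}")
    if len(buf) < 8:
        return status, ""
    n = int(buf[4:8], 16)
    return status, buf[8:8 + n].decode("utf-8", "replace")


def kill_server(addr=ADB_SERVER, timeout: float = 2.0) -> Optional[Tuple[str, str]]:
    """Do what 'adb kill-server' does.  None means nothing was listening."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            s.sendall(encode_request("host:kill"))
            try:
                reply = s.recv(4096)
            except (ConnectionResetError, socket.timeout):
                reply = b""
    except ConnectionRefusedError:
        return None
    # The server exits right after acknowledging; a socket closed with no
    # bytes is reported as CLOSED rather than treated as a protocol error.
    return decode_response(reply) if reply else ("CLOSED", "")


if __name__ == "__main__":
    print(encode_request("host:kill"))
    print(kill_server())
```

For detection purposes the useful fact is the port: a connection to 127.0.0.1:5037 from anything other than an adb client is worth a look, and the `host:` prefix on the first request identifies the speaker as an adb client rather than a device.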
Files
memory/1600-0-0x0000000000400000-0x0000000000508000-memory.dmp
memory/1600-2-0x0000000000401000-0x00000000004B7000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp
| MD5 | bbc7deb4d522e2a1e4f3c81c7780da40 |
| SHA1 | fd76d20db744602547690d2d979e41a8f53f59b8 |
| SHA256 | 15a2ce464f64248ecc577d083824181129412b756f5f5ffb1f82b10c26f028c2 |
| SHA512 | 690037a4d4ffae9bdcd0aed4a029a0782639b3c880fb9fc0d3362da52566f468ae295f6e0590a6feeb00bbe77244f7dc985e3caeac4dd22d189c1d24289acf36 |
memory/2108-8-0x0000000000400000-0x0000000000744000-memory.dmp
memory/2108-14-0x0000000000400000-0x0000000000744000-memory.dmp
memory/2108-15-0x0000000000400000-0x0000000000744000-memory.dmp
memory/1600-13-0x0000000000400000-0x0000000000508000-memory.dmp
\Program Files\Genymobile\Genymotion\genymotion.exe
| MD5 | 1d1af01835920a46a486f2c862b032ce |
| SHA1 | 9f0b8a16d7a6dbf35bb06f9fa763350fcb30d60f |
| SHA256 | e00da6a17f4084641cacb4aee829175c6c34f91dcdb9f96150adccc32eefcea9 |
| SHA512 | 84c16adc5fbb969e28efc0e959e4fd8c500d078b351934e04dff5591c1462b938b8c8003fce0b22bf2e8eefb0293f10645fd078cf222ce341e0331f2272de741 |
\Program Files\Genymobile\Genymotion\genyshell.exe
| MD5 | b30cddc26adeb18cdb0ebbd5bdc3516f |
| SHA1 | fda632de2daa2bf38a9f4360fa5f0580dda48493 |
| SHA256 | 4efdb7b97c1597bba5d56c1c2bd6b6e740b526f04fc74a5b49ce1dd37ea4471a |
| SHA512 | fa1f6ddc8d23d4c0f6960cbe1db43b284cb2d3d371b9c2bb10485a920fbb0a1b0cdfeca5a0457c17b8408d97fb407fe49eb06d863228327656f32bf1964aa3ab |
\Program Files\Genymobile\Genymotion\unins000.exe
| MD5 | 1ade04707d5aaab775a84a531daedaa8 |
| SHA1 | 4ff3859c2d0d9b8d13923f6817b30551585bd182 |
| SHA256 | 32b27178c91897e0f5b3b9d27fd643f5db6ceed26f1b7ac2355d35c5a0682289 |
| SHA512 | 5ca6f69547f15ead70cd27634b82f86e0f48a458c9564d20a825af3dbed746b2a1cf5ba6942be359c09b4986619360c05397635991305a4b10291f2d69b7100f |
C:\Program Files\Genymobile\Genymotion\tools\adb.exe
| MD5 | 32165a1230c62f3c12fd1969ca5be174 |
| SHA1 | e5f72adf6c446478b31a2a69ce71e05cef15814f |
| SHA256 | 2679fc07a9de652e7cb0278049ac299335c037ce4e44042469ec98d802bffbeb |
| SHA512 | 425445a08a5d835de167705bc1e38a9451134fbca62d3eb583ec4aa630fc2d278e0a9a7f4e418326a01b099f7762d8d5b28d634a498c9a616aa2f22a4253d5b4 |
\Program Files\Genymobile\Genymotion\tools\AdbWinApi.dll
| MD5 | ed5a809dc0024d83cbab4fb9933d598d |
| SHA1 | 0bc5a82327f8641d9287101e4cc7041af20bad57 |
| SHA256 | d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9 |
| SHA512 | 1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17 |
C:\Program Files\Genymobile\Genymotion\tools\AdbWinUsbApi.dll
| MD5 | 0e24119daf1909e398fa1850b6112077 |
| SHA1 | 293eedadb3172e756a421790d551e407457e0a8c |
| SHA256 | 25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97 |
| SHA512 | 9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43 |
memory/2108-2027-0x0000000000400000-0x0000000000744000-memory.dmp
memory/2108-2037-0x0000000000400000-0x0000000000744000-memory.dmp
memory/2108-2040-0x0000000000400000-0x0000000000744000-memory.dmp
memory/1600-2041-0x0000000000400000-0x0000000000508000-memory.dmp
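The Files section lists four digests for each dropped binary. When checking an installation against these rows, compare on SHA-256 or SHA-512; MD5 and SHA-1 are corroboration only. The script below is an added example, not part of the report: `parse_report` reads the report's own `| ALGO | hex |` rows (a path line followed by its digest rows), `verify_tree` hashes the files under a root and compares on the strongest digest listed, and `demo` exercises both on constructed files so it runs offline. The bytes and digests inside `demo` are made up for the demonstration and are not the real Genymotion binaries.

```python
"""Verify an on-disk Genymotion tree against the hash rows above.
Added example; not part of the sandbox output."""
import hashlib
import re
import tempfile
from pathlib import Path

ROW_RE = re.compile(r'^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$')
PREFERENCE = ("SHA512", "SHA256", "SHA1", "MD5")  # compare on the strongest digest present


def normalise(path: str) -> str:
    """Strip the drive letter and leading slashes, lower-case, backslash separators."""
    path = re.sub(r'^[A-Za-z]:', '', path.strip()).lstrip('\\/')
    return path.replace('/', '\\').lower()


def parse_report(text: str) -> dict:
    """{normalised path: {ALGO: hex}} from the report's Files section layout."""
    iocs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            iocs[current][m.group(1).upper()] = m.group(2).lower()
        elif not line.startswith('|') and not line.startswith('memory/'):
            current = normalise(line)
            iocs.setdefault(current, {})
    return iocs


def file_digest(path: Path, algo: str) -> str:
    h = hashlib.new(algo.lower())
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(1 << 20), b''):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root: Path, iocs: dict) -> dict:
    """Return {report path: 'match' | 'mismatch' | 'missing' | 'no-digest'}."""
    results = {}
    for rel, digests in iocs.items():
        algo = next((a for a in PREFERENCE if a in digests), None)
        if algo is None:
            results[rel] = 'no-digest'
            continue
        local = root.joinpath(*rel.split('\\'))
        if not local.is_file():
            results[rel] = 'missing'
            continue
        results[rel] = 'match' if file_digest(local, algo) == digests[algo] else 'mismatch'
    return results


def demo() -> dict:
    """Constructed stand-ins: one matching file, one altered file, one absent file."""
    good = b"constructed stand-in for genymotion.exe"
    bad = b"constructed stand-in for adb.exe, not what the report lists"
    report = (
        r"\Program Files\Genymobile\Genymotion\genymotion.exe" + "\n"
        f"| MD5 | {hashlib.md5(good).hexdigest()} |\n"
        f"| SHA256 | {hashlib.sha256(good).hexdigest()} |\n"
        r"C:\Program Files\Genymobile\Genymotion\tools\adb.exe" + "\n"
        f"| SHA256 | {hashlib.sha256(b'some other bytes').hexdigest()} |\n"
        r"\Program Files\Genymobile\Genymotion\genyshell.exe" + "\n"
        f"| SHA256 | {'0' * 64} |\n"
    )
    iocs = parse_report(report)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in ((normalise(r"\Program Files\Genymobile\Genymotion\genymotion.exe"), good),
                          (normalise(r"\Program Files\Genymobile\Genymotion\tools\adb.exe"), bad)):
            p = root.joinpath(*rel.split('\\'))
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return verify_tree(root, iocs)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

To use it on a real machine, paste the report's Files section into `parse_report` and point `verify_tree` at the drive root; a `mismatch` on a file the report lists is the finding worth pursuing, since the same installer should produce byte-identical binaries.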
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 14:06
Reported
2024-11-13 14:09
Platform
win10v2004-20241007-en
Max time kernel
109s
Max time network
113s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\tools\adb.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genyshell.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Drops file in System32 directory
The .PNF files below are SetupAPI's precompiled-INF cache for driver packages already present in the DriverStore; dxdiag.exe triggers their creation while enumerating devices, so this signature records a side effect of hardware enumeration rather than a payload written to System32.
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\machine.inf_amd64_b748590104fe1c15\machine.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_adeb6424513f60a2\input.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\machine.inf_amd64_b748590104fe1c15\machine.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_adeb6424513f60a2\input.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-CU53D.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-2J5IP.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\is-GD3KU.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\is-PPLVJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\is-7B1H5.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Desktop\is-6GBGH.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-M6D78.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\Private\is-OCK6F.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\is-RK7I6.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\keymaps\is-09LJ0.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\keymaps\is-RRIMK.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-7AO9E.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\images\is-7G557.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-FJTPM.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-R98K8.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\is-VA1V9.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\is-NIDIC.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\imageformats\qgif.dll | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\qemu-system-x86_64.exe | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-KHASN.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-R0M6L.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\is-4TV9J.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\libfreetype-6.dll | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\completion\is-QBOPE.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\Qt5QuickControls2.dll | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-QKP76.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-6RII2.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-PTV3M.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Desktop\is-A6G40.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\is-ALNLE.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-TUMKU.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-G9JBC.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-HGL4I.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-FQ9D9.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-1LK9K.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\is-72GSL.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\plugins\qemu.dll | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-CRO51.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-PH7PR.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-I021D.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\is-3LT2C.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\is-A0D9L.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\is-0ESMV.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File opened for modification | C:\Program Files\Genymobile\Genymotion\Qt5Sql.dll | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-I695N.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-KG74Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-MUG4V.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-BFOSA.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\is-RER4F.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-VTDRI.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-4JQ1O.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\Private\is-SALIF.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\is-EM0Q1.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\keymaps\is-4TN5E.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\is-K91RA.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-2MLTK.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-UEA0O.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\images\is-HT4Q4.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\is-53NOQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\QtPositioning\is-ELVE1.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| File created | C:\Program Files\Genymobile\Genymotion\geoservices\is-IUQMO.tmp | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Genymobile\Genymotion\tools\adb.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\systeminfo.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\systeminfo.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SYSTEM32\\dxdiagn.dll" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7} | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{9A6DF817-1F3B-4B4E-9BAD-2FE46AEC9E70} | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B} | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7} | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B} | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SYSTEM32\\dxdiagn.dll" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{156D669E-9DC7-4779-9D30-3EE009A264CD} | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genyshell.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genyshell.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Program Files\Genymobile\Genymotion\genymotion.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\dxdiag.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe
"C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"
C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp" /SL5="$C01D6,105396162,1027584,C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"
C:\Program Files\Genymobile\Genymotion\tools\adb.exe
"C:\Program Files\Genymobile\Genymotion\tools\adb.exe" kill-server
C:\Windows\system32\ie4uinit.exe
"C:\Windows\system32\ie4uinit.exe" -ClearIconCache
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Program Files\Genymobile\Genymotion\genymotion.exe
"C:\Program Files\Genymobile\Genymotion\genymotion.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden -Command "Get-CimInstance -ClassName Win32_ComputerSystemProduct | Select-Object -Property UUID"
C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe
"C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe"
C:\Windows\SYSTEM32\systeminfo.exe
systeminfo
C:\Windows\SYSTEM32\route.exe
route print
C:\Windows\SYSTEM32\dxdiag.exe
dxdiag /t C:/Users/Admin/AppData/Local/Temp/genymotion-logs-tmp\dxdiag.log
C:\Windows\SYSTEM32\driverquery.exe
driverquery /FO list /v
C:\Program Files\Genymobile\Genymotion\genyshell.exe
"C:\Program Files\Genymobile\Genymotion\genyshell.exe"
C:\Program Files\Genymobile\Genymotion\genymotion.exe
"C:\Program Files\Genymobile\Genymotion\genymotion.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden -Command "Get-CimInstance -ClassName Win32_ComputerSystemProduct | Select-Object -Property UUID"
C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe
"C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe"
C:\Windows\SYSTEM32\systeminfo.exe
systeminfo
C:\Windows\SYSTEM32\route.exe
route print
C:\Windows\SYSTEM32\dxdiag.exe
dxdiag /t C:/Users/Admin/AppData/Local/Temp/genymotion-logs-tmp\dxdiag.log
C:\Windows\SYSTEM32\driverquery.exe
driverquery /FO list /v
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:58479 | | tcp |
| N/A | 127.0.0.1:5037 | | tcp |
| US | 8.8.8.8:53 | www.genymotion.com | udp |
| US | 8.8.8.8:53 | cloud.genymotion.com | udp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 8.8.8.8:53 | 17.59.16.104.in-addr.arpa | udp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.eu.amplitude.com | udp |
| DE | 35.156.124.112:443 | api.eu.amplitude.com | tcp |
| US | 8.8.8.8:53 | 112.124.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 104.16.59.17:443 | cloud.genymotion.com | tcp |
| US | 8.8.8.8:53 | api.eu.amplitude.com | udp |
| DE | 35.156.71.7:443 | api.eu.amplitude.com | tcp |
| US | 8.8.8.8:53 | 7.71.156.35.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp
C:\Program Files\Genymobile\Genymotion\tools\adb.exe
C:\Program Files\Genymobile\Genymotion\tools\AdbWinApi.dll
C:\Program Files\Genymobile\Genymotion\tools\AdbWinUsbApi.dll
C:\Program Files\Genymobile\Genymotion\genymotion.exe
C:\Program Files\Genymobile\Genymotion\Qt5QuickTemplates2.dll
C:\Program Files\Genymobile\Genymotion\platforms\qwindows.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qwebp.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qwbmp.dll
C:\Program Files\Genymobile\Genymotion\Qt5Svg.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qsvg.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qjpeg.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qico.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qicns.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qgif.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qtiff.dll
C:\Program Files\Genymobile\Genymotion\imageformats\qtga.dll
C:\Program Files\Genymobile\Genymotion\Qt5QmlModels.dll
C:\Program Files\Genymobile\Genymotion\libcrypto-1_1-x64.dll
C:\Program Files\Genymobile\Genymotion\Qt5Sql.dll
C:\Program Files\Genymobile\Genymotion\Qt5Network.dll
C:\Program Files\Genymobile\Genymotion\Qt5Quick.dll
C:\Program Files\Genymobile\Genymotion\Qt5Qml.dll
C:\Program Files\Genymobile\Genymotion\Qt5QuickControls2.dll
| MD5 | b073dac53f8d885d1e6149a4155a968b |
| SHA1 | e500bbd8ce06c297866827ce01c1ae70ea208b37 |
| SHA256 | 1cf23c84b82c18eddf25660576215a8fc5920c83cd5a82f20d2ef3fb6959308f |
| SHA512 | ff45e57dfb053c09968f9fd99ddb1754d53d5a6bb446ca2e1a737b81a944c199754fad0328ac92c2df2ee76b4dd5ed238f60193426c02b8c9a241d2206837298 |
C:\Program Files\Genymobile\Genymotion\Qt5Gui.dll
| MD5 | 47307a1e2e9987ab422f09771d590ff1 |
| SHA1 | 0dfc3a947e56c749a75f921f4a850a3dcbf04248 |
| SHA256 | 5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e |
| SHA512 | 21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14 |
C:\Program Files\Genymobile\Genymotion\Qt5Widgets.dll
| MD5 | 4cd1f8fdcd617932db131c3688845ea8 |
| SHA1 | b090ed884b07d2d98747141aefd25590b8b254f9 |
| SHA256 | 3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358 |
| SHA512 | 7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199 |
C:\Program Files\Genymobile\Genymotion\Qt5Core.dll
| MD5 | 817520432a42efa345b2d97f5c24510e |
| SHA1 | fea7b9c61569d7e76af5effd726b7ff6147961e5 |
| SHA256 | 8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a |
| SHA512 | 8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441 |
C:\Program Files\Genymobile\Genymotion\libssl-1_1-x64.dll
| MD5 | fcef29efc6a4d8dea8719faf7288ad8c |
| SHA1 | 79bb251bebfa231207bcf5a27b7e523b579b0263 |
| SHA256 | eb15d6b5618296f3b0eba9499b4cee8aaa2f3222cca44f776f0acaaf50527cb3 |
| SHA512 | e25f5edbf8a0bc85f8b1fb1e5be7613c42c4e97c1cecd2771a3a59377eaad6a6dba4f4c9450467e6fcfbff98e056573591685f38928518762d54b4710f9af4ab |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wcasp1ag.bqc.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Program Files\Genymobile\Genymotion\sqldrivers\qsqlite.dll
| MD5 | 24e3288942a9ed3ed046e9dfdc3e7ccb |
| SHA1 | 2bb7ba646ede4ad09d11e7cdbb241b3da4603327 |
| SHA256 | 0776ca618fc81aaee6c27a185df05b28e4571381c613adbff92e12ec3e6c1d17 |
| SHA512 | b2124261f882a7b140e95ce9d4c84c961d44b6647c8b20fdbdf71057671cdd41e4f4d0d348dc9b84516822a72a79a575e9ef3f92258aee1dca2703c652f3a600 |
C:\Program Files\Genymobile\Genymotion\libGLESv2.dll
| MD5 | 2247ee4356666335df7d72129af8d600 |
| SHA1 | f0131c1a67fc17c0e8dcc4a4ca38c9f1780e7182 |
| SHA256 | 50fad5605b3d57627848b3b84a744dfb6a045609b8236b04124f2234676758d8 |
| SHA512 | 67f2a7bf169c7b9a516689cf1b16446ca50e57f099b9b742ccb1abb2dcde8867f8f6305ad8842cd96194687fc314715ae04c1942b0e0a4f51b592b028c5b16d3 |
C:\Program Files\Genymobile\Genymotion\libEGL.dll
| MD5 | bb00ef1dd81296af10fdfa673b4d1397 |
| SHA1 | 773ffcf4a231b963baac36cbef68079c09b62837 |
| SHA256 | 32092de077fd57b6ef355705ec46c6d21f6d72fbe3d3a5dd628f2a29185a96fa |
| SHA512 | c87c0868c04852b63a7399afe4e568cd9a65b7b7d5fd63030abea649aac5e9f2293ab5be2b2ce56a57f2b4b1992ae730150a293ada53637fc5cd7be0a727cbd4 |
C:\Program Files\Genymobile\Genymotion\Qt5QmlWorkerScript.dll
| MD5 | 6aeb9d49571b53ae417ced788e6b42fd |
| SHA1 | 009a7bdb7d31170ee6d59be470e0b4e47ae75e0a |
| SHA256 | 016ef2a37c5a84de027b112ae1b65d974648ef6ae072beffec119c1a7036ea5e |
| SHA512 | 9b8cc61d246a025d4f622d4f1b834b15d3c4f597960c3f455ebe3c9a2e3095de6b485572deb99b8e279a4b3f4cea86254e205c5b46681678a8355b5919a1cf02 |
C:\Program Files\Genymobile\Genymotion\QtQuick.2\qtquick2plugin.dll
| MD5 | f2d65eec94486d58956811607d6e0a44 |
| SHA1 | 3b50806bb2e255a5931907c37e9136e4f6024c93 |
| SHA256 | e70f734803ae75acbcf2c6d21fe8dc3a0fd745113c543f5b930230949472ec02 |
| SHA512 | 85fb0f8ff8a336e15e2438ebb8c6b068c72fb875491bafabe4ea0b10697a7318dcbdea9d5acf5553d6932e49447f59910d50b9066720444a947dcbca4a2f3caa |
C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\qtquickcontrols2plugin.dll
| MD5 | 5039ba7eda325bfa357125870c13111e |
| SHA1 | 81bb79aae0ddab90f4e6302f24e3ff7bc53a9bdf |
| SHA256 | 26f10ca8d9446d75d0a73b231404b65919151093be6af3ea2da4697ed3c155f9 |
| SHA512 | 07f2eefb58ac731162d42b33dc5c38765dec7eef7591779f6aa6b72cb0765b063ec44c9dfad1b4ec437bbbb9b533247cc73f4db2f21cfd059009bc2dcc6736da |
C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll
| MD5 | b7d862f5f15e86b73c670913684fa8e4 |
| SHA1 | 8266952e8e14d04b5e710563935791d1dd90a2ae |
| SHA256 | 2eabb8e5f3b57e42c6f29db645edc4bac17910b1ac0d8d0083c66b152f8878b8 |
| SHA512 | e68e6298f557cb92eb2aaa9d334621eb1b29ab1186a4f25e22f28667b5ebc4732639827c5ce136360525f0ee300ff37ed424dd311626af3fd5c36710fbf0ff23 |
C:\Program Files\Genymobile\Genymotion\QtQuick\Window.2\windowplugin.dll
| MD5 | c49831569882e926856e02e62cd5ee87 |
| SHA1 | f1a75f9cad6860d55341f7c05d1c87cdf7dad0fa |
| SHA256 | 9aff9f92ba9624dba025725a0385792f412b607d24b1bb2829f0ce4702a0a228 |
| SHA512 | 5182033979d40ebaf1703c9f15eb2e093fa2117ddc82caef38c2d275312eb163697ec827f12e72b73af47ecfb20f6bda662c2b7b5803313ea1b2d68c0422aad3 |
C:\Program Files\Genymobile\Genymotion\Qt\labs\platform\qtlabsplatformplugin.dll
| MD5 | 6bd698becdab8ac4504f920849243d8f |
| SHA1 | 3429b36053287399d4ea95ed58523080351f25db |
| SHA256 | 4d2f5ae5103c1072e36546222eccb8efe2698c886e12b0161e479327a531a2c1 |
| SHA512 | 2df753a41cad7dee0468f27316ae2c8d9ac7545a2cc715850484e0e0048e95ceb30750dba11d7635ece77764621ccf035df65587e138b9e882b7898f236d8d40 |
C:\Program Files\Genymobile\Genymotion\Qt\labs\settings\qmlsettingsplugin.dll
| MD5 | 80411405b9fe2aac7b15ca5ffc65c391 |
| SHA1 | 7bc2d461e7648960ab02acac47d79fc99748c27c |
| SHA256 | ab2bae83e88595ffdab5025bcc7af7724822ca363e9d26ebe2d294cf7e5cd342 |
| SHA512 | 92f41bb5e6fd6b5434dd050129b0ba426307dd1646a7cf9537a860e47dcb58a9085a6310a12b0f3c789f8f3f63d7b1fe3f49ac4fda879bee1190a3ea86ab514d |
C:\Program Files\Genymobile\Genymotion\QtQuick\Layouts\qquicklayoutsplugin.dll
| MD5 | bf107e9a7299175994089a6005464e4f |
| SHA1 | 7c924c325ec1988aacde7b9a08099e3660354d09 |
| SHA256 | 9357fc000d782e8ad2eaf79c8dfa2eb58678348ec0830a09070724a0eee6db53 |
| SHA512 | 775af0c18fd4c1853ecac14d7a07c05aace9b2d1b0f9939797e0e6ba0ffaf13349418fa4a84eaaf16f87fbac1c093cf70cdae4af421fc72f2d4a80442a4bd27f |
C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\dialogplugin.dll
| MD5 | f6b0c744d24762818b0950d61fbe0c45 |
| SHA1 | 9560528bb2d338c2788510e1110e6a46b39a2211 |
| SHA256 | 0c9efdc3b001d629b3f140cf801755393f925de13851a9727d1e157b8642e701 |
| SHA512 | c8b8fac049cda98d5dc5e1be421a410dcc802cd5a9dfe72eccf2398ae166bdbe2d51e8520b267b5b0f99cdc8ce84b80d484001e34719e197eeaaa377d75f77a7 |
C:\Program Files\Genymobile\Genymotion\QtQuick\Templates.2\qtquicktemplates2plugin.dll
| MD5 | a6267964565761ac4696708397ad6be5 |
| SHA1 | 69c004ef79d406868b305ff33a35c6c73694c344 |
| SHA256 | ee8572e9934bed6dcd01a667aecaa0b2e1a28419573559607f499bf6bb7779a9 |
| SHA512 | 1770aacd19742e9e85ddc1d616353c25f4defa3e311df95a3eaf022f7170ae3f9b50711c3f354cdca89014a765f45cd3c91d982dc3b92f03bc1d4c15342bd271 |
C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
| MD5 | 1b8e5738f9fd2955b9c82f8ff74bb5a1 |
| SHA1 | cae992713ef5073653a1ba2ab57629f4a7860834 |
| SHA256 | 701b009e82b18eaaf44656852160d9b6584ce3eed90da8ec532454707755a1f6 |
| SHA512 | 853282f0ecc9a73645a189e4a0a519e57a09cbc81f66761df1e7a6cf749b7676db8c9e5f58a1517393f52d455637e79f651ea3e490260a4665d0943f69ebb574 |
C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
| MD5 | 9661a90b134aeb0b551c296d3fc88753 |
| SHA1 | f61313dde19b6d385459ace926dd028f9f7abe50 |
| SHA256 | 9faa62a83cc032b913cd5480df5fe0ce39cf39bd2cf4064b27d8535f29617281 |
| SHA512 | 2871eb5bcc450d13e7de6a5c30e95803a1a80f40aadd9704f61356ba7adef61f2d60e72323056defde81f063852ea0502d246fcf4724a7b456f3a82486d8354a |
C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\qtquickcontrolsplugin.dll
| MD5 | dcfff1747bb8e7a2c6497df0a4e5ee8e |
| SHA1 | 8bad65cc7dcf4c4b9ec0473f22d251e8661d140e |
| SHA256 | 2ec497ac8ac4814ed4cee6bf7daeb15a6def7857dcec6bf290446b125acd5ac1 |
| SHA512 | 10ac1d163900fb03d7b8b11d45113e5a326b653775b5275ea92c35359b17e7f8cad6636baad77c1f660e7439b6262ed6147b6a167e6fb915e890da9af9317749 |
C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
| MD5 | de05a20cdd9e1ed8c0fccc8a0737fe1c |
| SHA1 | 56f0687b132bbde9fd9ad1ce11f4f85e7385dd7d |
| SHA256 | abceab15bebe79bd6e53b2dce71190bef7c0eaa0bb9b575ed6eef15eba9b417a |
| SHA512 | 30f70e65866a5b9572684d5548feb907b1c376aa0db30d1ffdae24250bded0dffc7fcaa6827320f892225ddf230968651c925ac24864473fc3cc9e67d803b40f |
C:\Program Files\Genymobile\Genymotion\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
| MD5 | 1d6bc68cfda1c2131464b64452c95443 |
| SHA1 | 94e81e0801ce11a17a33b0da11feed86db775579 |
| SHA256 | 6a82375574b44737ecff678fb061fafaae2c4188561097d6d88460d2648510b3 |
| SHA512 | 2dc5ee91001c1c00ba5ebee6ef731a5dac3d93baa78ad5d87f690bfa1393e50291a5e927de1b8b09d550cfb35d8fa9cd6435ec24dae01045176f8d1b1f9b5763 |
C:\Program Files\Genymobile\Genymotion\QtQuick\PrivateWidgets\widgetsplugin.dll
| MD5 | 735f7910b0e5fcfd2573e249c9ee879e |
| SHA1 | d57836f276638a2caa43df96d78ff80668fb2af5 |
| SHA256 | e6efcb6d1506e99f30a81f892ac7b72b36392efe2a6e3a81199600cfeadeab3e |
| SHA512 | 247b95671a307079f29f332e2af7179d075f286597a6b074e760b26e24c2105af5db990e8d8c7c2b78694964e90a5e7aa15f12a983ebbdb2f0477cfa5e39fb31 |
C:\Program Files\Genymobile\Genymotion\plugins\vboxmanage.dll
| MD5 | f2986ac19a9572c69eaafb3fb0f80f88 |
| SHA1 | ca764f80b1eddd09c589a5c963cd4184991654ed |
| SHA256 | d9aa4ed0e9d5758be24a19b09924033e95f8fb8e0ce97f76fbe3fc7dfd3c9210 |
| SHA512 | c404f972642a3aaa329458247e384d5349831f73f88a38afe41cd1925a1c51e68b356d7caaa5b4e4c8b27fe5777630fb9afd2083f2e898274a2bc77fd893f67c |
C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe
| MD5 | da6b636b47d133e75e86970af996cf80 |
| SHA1 | 552da8347c5142442ed1520d1b99c4ab4f40baf6 |
| SHA256 | f21bb25c3624ef8e2ca3a23c80b39801432b731bfc65c2627652e31c7c730b46 |
| SHA512 | 726b73d694f9217163f1b56220d2a0791ca9e05d318ef6d12275c0de998381c60c95b4def254a1a398c6e70d9a20edc115465b8c1887886a48908bc672f3af2a |
C:\Program Files\Genymobile\Genymotion\genyshell.exe
| MD5 | b30cddc26adeb18cdb0ebbd5bdc3516f |
| SHA1 | fda632de2daa2bf38a9f4360fa5f0580dda48493 |
| SHA256 | 4efdb7b97c1597bba5d56c1c2bd6b6e740b526f04fc74a5b49ce1dd37ea4471a |
| SHA512 | fa1f6ddc8d23d4c0f6960cbe1db43b284cb2d3d371b9c2bb10485a920fbb0a1b0cdfeca5a0457c17b8408d97fb407fe49eb06d863228327656f32bf1964aa3ab |
C:\Program Files\Genymobile\Genymotion\com.dll
| MD5 | fb44a66f1efde4138b55553cbdacd999 |
| SHA1 | 10f13621f047c94710aa6e4a2e3822638f6711f4 |
| SHA256 | 25dc0428e10664d9517f9ada2c18222484de93f2a07ad245eccf1f15f4a9d96e |
| SHA512 | 66fcee9f5fc52e5d17c91b37921acb3aed8cc5db820a8ccec3ebe6a1e855a1d9d85861d5f7f516fd13a65f84c0ec63fc32d72c6f91c0657e96c5ff4bd6d00e8d |
C:\Program Files\Genymobile\Genymotion\hiredis.dll
| MD5 | e65d97e83161cc9468d8b6fc3fa82d44 |
| SHA1 | 724a7bdab7ac1c1a2ca0ec3f9aa1a255dbe3aa4a |
| SHA256 | 6efecf2a319f6fe5d8a2c2915b9747888d535b1a11061ce220d2302f7dc23700 |
| SHA512 | cedf852ef3965e19402505364d333b74c43c88339d4712122fdc5bb34b10ebb2e43a629609ae8c6699b9a25637b3c02402936b088f1b44b0a6b95a5186661146 |
C:\Users\Admin\AppData\Local\Genymobile\Genymotion\settings.json
| MD5 | 7dc0e44358bc244d3f86ba8b52fd05f1 |
| SHA1 | c2b3f8ed8ca7ec16f9630bb2ba3fca459b46e29c |
| SHA256 | 357b773adf171d213939a2d0cfb8863997b3986fcafffd24cc527e154eaed442 |
| SHA512 | e9886a0d1afce19c55ee02c8fc3be407885359d3ca4aa61a03ab4ef3a530592185555723d8cc519824e2e69546d68d33cabd0cc7149e3cc77d45d34cecd7952c |
C:\Users\Admin\AppData\Local\Temp\genymotion-logs-tmp\general-genymotion.log
| MD5 | 558797addc990945d5b2751f2970b929 |
| SHA1 | 2a9e7b027b03b415771b21d3752c6f1833a6b042 |
| SHA256 | 9dc03361ed587c214dfadd132d1596fc37cf86fba529c82272ca566cde7bbdd6 |
| SHA512 | 643e64fb4b0995fe39860ba5762dd3343880c908193cab2e57bb82c72c9b828272f21767576fb30a68c3f6054cb7640b5e7384b467bd180f622616bd7682fc7e |
C:\Users\Admin\genymotion-logs-20241113-140906.zip
| MD5 | 28f203038c2072a15dc99df3e5e48578 |
| SHA1 | 7e9a3472c653f7bc4f718e7b1b01728dd60dc9af |
| SHA256 | cec9dcf8be26ac428d442051ab32e0a957650544631252ad6240966088a33fb8 |
| SHA512 | 8cd789656d650be46f2a5b77774e78096e241acceeff4fabbf5ec3667fbdd27344575c29d5127b4d5f5d12815a033f20e99a2c4bd6a0bd959034903f44da3309 |