Malware Analysis Report

2024-12-07 16:02

Sample ID 241113-rex1kstane
Target genymotion-3.8.0.exe
SHA256 1d50b5d5916f071cbb2205c9e4e164b83b37f249ad90b8d2aa3a984989331bf5
Tags discovery execution persistence privilege_escalation
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file genymotion-3.8.0.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery execution persistence privilege_escalation

Command and Scripting Interpreter: PowerShell

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Modifies registry class

Gathers system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 14:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 14:06

Reported

2024-11-13 14:08

Platform

win7-20240903-en

Max time kernel

39s

Max time network

41s

Command Line

"C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"

Signatures

Checks installed software on the system

discovery

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Genymobile\Genymotion\tools\adb.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1600 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp
PID 2108 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp C:\Program Files\Genymobile\Genymotion\tools\adb.exe
PID 2108 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp C:\Windows\system32\ie4uinit.exe

Processes

C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe

"C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LMAMD.tmp\genymotion-3.8.0.tmp" /SL5="$40016,105396162,1027584,C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"

C:\Program Files\Genymobile\Genymotion\tools\adb.exe

"C:\Program Files\Genymobile\Genymotion\tools\adb.exe" kill-server

C:\Windows\system32\ie4uinit.exe

"C:\Windows\system32\ie4uinit.exe" -ClearIconCache

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
N/A 127.0.0.1:51215 tcp
N/A 127.0.0.1:5037 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 14:06

Reported

2024-11-13 14:09

Platform

win10v2004-20241007-en

Max time kernel

109s

Max time network

113s

Command Line

"C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Genymobile\Genymotion\tools\adb.exe N/A
N/A N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe N/A
N/A N/A C:\Program Files\Genymobile\Genymotion\genyshell.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Drops file in Program Files directory

File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Desktop\is-A6G40.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\is-ALNLE.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File opened for modification C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-TUMKU.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-G9JBC.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-HGL4I.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-FQ9D9.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Universal\is-1LK9K.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\is-72GSL.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File opened for modification C:\Program Files\Genymobile\Genymotion\plugins\qemu.dll C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-CRO51.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Imagine\is-PH7PR.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\is-I021D.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\is-3LT2C.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\is-A0D9L.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\is-0ESMV.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File opened for modification C:\Program Files\Genymobile\Genymotion\Qt5Sql.dll C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-I695N.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\is-KG74Q.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-MUG4V.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-BFOSA.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\is-RER4F.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Fusion\is-VTDRI.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-4JQ1O.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Extras\Private\is-SALIF.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\is-EM0Q1.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\qemu\x86_64\share\keymaps\is-4TN5E.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\is-K91RA.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\is-2MLTK.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Private\is-UEA0O.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\Styles\Base\images\is-HT4Q4.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\is-53NOQ.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\QtPositioning\is-ELVE1.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
File created C:\Program Files\Genymobile\Genymotion\geoservices\is-IUQMO.tmp C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Genymobile\Genymotion\tools\adb.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\SYSTEM32\dxdiag.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\SYSTEM32\dxdiag.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\SYSTEM32\dxdiag.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\SYSTEM32\dxdiag.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\SYSTEM32\dxdiag.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\systeminfo.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable" C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1 C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject" C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1 C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1" C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SYSTEM32\\dxdiagn.dll" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7} C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{9A6DF817-1F3B-4B4E-9BAD-2FE46AEC9E70} C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class" C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B} C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID C:\Windows\SYSTEM32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{156D669E-9DC7-4779-9D30-3EE009A264CD} C:\Windows\SYSTEM32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" C:\Windows\SYSTEM32\dxdiag.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3040 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp
PID 4660 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp C:\Program Files\Genymobile\Genymotion\tools\adb.exe
PID 4660 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp C:\Windows\system32\ie4uinit.exe
PID 4284 wrote to memory of 5052 N/A C:\Windows\system32\ie4uinit.exe C:\Windows\system32\RunDll32.exe
PID 4284 wrote to memory of 2320 N/A C:\Windows\system32\ie4uinit.exe C:\Windows\system32\RunDll32.exe
PID 800 wrote to memory of 4588 N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 800 wrote to memory of 3568 N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe
PID 800 wrote to memory of 1376 N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Windows\SYSTEM32\systeminfo.exe
PID 800 wrote to memory of 4580 N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Windows\SYSTEM32\route.exe
PID 800 wrote to memory of 2500 N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Windows\SYSTEM32\dxdiag.exe
PID 800 wrote to memory of 3632 N/A C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Windows\SYSTEM32\driverquery.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe

"C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp" /SL5="$C01D6,105396162,1027584,C:\Users\Admin\AppData\Local\Temp\genymotion-3.8.0.exe"

C:\Program Files\Genymobile\Genymotion\tools\adb.exe

"C:\Program Files\Genymobile\Genymotion\tools\adb.exe" kill-server

C:\Windows\system32\ie4uinit.exe

"C:\Windows\system32\ie4uinit.exe" -ClearIconCache

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Program Files\Genymobile\Genymotion\genymotion.exe

"C:\Program Files\Genymobile\Genymotion\genymotion.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle Hidden -Command "Get-CimInstance -ClassName Win32_ComputerSystemProduct | Select-Object -Property UUID"

C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe

"C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe"

C:\Windows\SYSTEM32\systeminfo.exe

systeminfo

C:\Windows\SYSTEM32\route.exe

route print

C:\Windows\SYSTEM32\dxdiag.exe

dxdiag /t C:/Users/Admin/AppData/Local/Temp/genymotion-logs-tmp\dxdiag.log

C:\Windows\SYSTEM32\driverquery.exe

driverquery /FO list /v

C:\Program Files\Genymobile\Genymotion\genyshell.exe

"C:\Program Files\Genymobile\Genymotion\genyshell.exe"

C:\Program Files\Genymobile\Genymotion\genymotion.exe

"C:\Program Files\Genymobile\Genymotion\genymotion.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle Hidden -Command "Get-CimInstance -ClassName Win32_ComputerSystemProduct | Select-Object -Property UUID"

C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe

"C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe"

C:\Windows\SYSTEM32\systeminfo.exe

systeminfo

C:\Windows\SYSTEM32\route.exe

route print

C:\Windows\SYSTEM32\dxdiag.exe

dxdiag /t C:/Users/Admin/AppData/Local/Temp/genymotion-logs-tmp\dxdiag.log

C:\Windows\SYSTEM32\driverquery.exe

driverquery /FO list /v

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 127.0.0.1:58479 tcp
N/A 127.0.0.1:5037 tcp
US 8.8.8.8:53 www.genymotion.com udp
US 8.8.8.8:53 cloud.genymotion.com udp
US 104.16.59.17:443 cloud.genymotion.com tcp
US 8.8.8.8:53 17.59.16.104.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 api.eu.amplitude.com udp
DE 35.156.124.112:443 api.eu.amplitude.com tcp
US 8.8.8.8:53 112.124.156.35.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
DE 35.156.71.7:443 api.eu.amplitude.com tcp
US 8.8.8.8:53 7.71.156.35.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-VKMD8.tmp\genymotion-3.8.0.tmp

C:\Program Files\Genymobile\Genymotion\tools\adb.exe

MD5 32165a1230c62f3c12fd1969ca5be174
SHA1 e5f72adf6c446478b31a2a69ce71e05cef15814f
SHA256 2679fc07a9de652e7cb0278049ac299335c037ce4e44042469ec98d802bffbeb
SHA512 425445a08a5d835de167705bc1e38a9451134fbca62d3eb583ec4aa630fc2d278e0a9a7f4e418326a01b099f7762d8d5b28d634a498c9a616aa2f22a4253d5b4

C:\Program Files\Genymobile\Genymotion\tools\AdbWinApi.dll

MD5 ed5a809dc0024d83cbab4fb9933d598d
SHA1 0bc5a82327f8641d9287101e4cc7041af20bad57
SHA256 d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9
SHA512 1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17

C:\Program Files\Genymobile\Genymotion\tools\AdbWinUsbApi.dll

MD5 0e24119daf1909e398fa1850b6112077
SHA1 293eedadb3172e756a421790d551e407457e0a8c
SHA256 25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97
SHA512 9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43

memory/4660-2008-0x0000000000400000-0x0000000000744000-memory.dmp

memory/3040-2009-0x0000000000400000-0x0000000000508000-memory.dmp

C:\Program Files\Genymobile\Genymotion\genymotion.exe

MD5 1d1af01835920a46a486f2c862b032ce
SHA1 9f0b8a16d7a6dbf35bb06f9fa763350fcb30d60f
SHA256 e00da6a17f4084641cacb4aee829175c6c34f91dcdb9f96150adccc32eefcea9
SHA512 84c16adc5fbb969e28efc0e959e4fd8c500d078b351934e04dff5591c1462b938b8c8003fce0b22bf2e8eefb0293f10645fd078cf222ce341e0331f2272de741

C:\Program Files\Genymobile\Genymotion\Qt5QuickTemplates2.dll

MD5 1cced7d5e9031bb6778497addc16cc1c
SHA1 c62c66e3cff181a7a9ba76b72284987f9b92fbe4
SHA256 ec695324ad837956ff56394d57bbe378e8add5b637398683db457d9b088f3bf8
SHA512 c839607bf973a8342a9d1b83dde32c4af6586bf7749a46a93b00b6fbd8b0a20e63bb4c7f723f8ecaaef8fe0fbbc3fd6c3d31ff0ea8b597f024e45a7231a96452

C:\Program Files\Genymobile\Genymotion\platforms\qwindows.dll

MD5 4931fcd0e86c4d4f83128dc74e01eaad
SHA1 ac1d0242d36896d4dda53b95812f11692e87d8df
SHA256 3333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85
SHA512 0396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d

C:\Program Files\Genymobile\Genymotion\imageformats\qwebp.dll

MD5 308e4565c3c5646f9abd77885b07358e
SHA1 71cb8047a9ef0cdb3ee27428726cacd063bb95b7
SHA256 6e37acd0d357871f92b7fde7206c904c734caa02f94544df646957df8c4987af
SHA512 ffaeecfae097d5e9d1186522bd8d29c95ce48b87583624eb6d0d52bd19e36db2860a557e19f0a05847458605a9a540c2a9899d53d36a6b7fd5bf0ad86af88124

C:\Program Files\Genymobile\Genymotion\imageformats\qwbmp.dll

MD5 68919381e3c64e956d05863339f5c68c
SHA1 ce0a2ad1f1a46b61cb298cec5aa0b25ff2c12992
SHA256 0f05969fb926a62a338782b32446ea3e28e4bfbffc0dbd25ed303fab3404abac
SHA512 6222a3818157f6bcd793291a6c0380ef8c6b93ecea2e0c9a767d9d9163461b541afaf8c6b21c5a020f01c95c6ee9b2b74b358ba18da120f520e87e24b20836aa

C:\Program Files\Genymobile\Genymotion\Qt5Svg.dll

MD5 03761f923e52a7269a6e3a7452f6be93
SHA1 2ce53c424336bcc8047e10fa79ce9bce14059c50
SHA256 7348cfc6444438b8845fb3f59381227325d40ca2187d463e82fc7b8e93e38db5
SHA512 de0ff8ebffc62af279e239722e6eedd0b46bc213e21d0a687572bfb92ae1a1e4219322233224ca8b7211ffef52d26cb9fe171d175d2390e3b3e6710bbda010cb

C:\Program Files\Genymobile\Genymotion\imageformats\qsvg.dll

MD5 c0de135782fa0235a0ea8e97898eaf2a
SHA1 fcf5fd99239bf4e0b17b128b0ebec144c7a17de2
SHA256 b3498f0a10ac4cb42cf7213db4944a34594ff36c78c50a0f249c9085d1b1ff39
SHA512 7bd5f90ccab3cf50c55eaf14f7ef21e05d3c893fa7ac9846c6ca98d6e6d177263ac5eb8a85a34501bcfca0da7f0b6c39769726f4090fca2231ee64869b81cf0b

C:\Program Files\Genymobile\Genymotion\imageformats\qjpeg.dll

MD5 16abcceb70ba20e73858e8f1912c05cd
SHA1 4b3a32b166ab5bbbee229790fdae9cbc84f936ba
SHA256 fb4e980cb5fafa8a4cd4239329aed93f7c32ed939c94b61fb2df657f3c6ad158
SHA512 3e5c83967bf31c9b7f1720059dd51aa4338e518b076b0461541c781b076135e9cb9cbceb13a8ec9217104517fbcc356bdd3ffaca7956d1c939e43988151f6273

C:\Program Files\Genymobile\Genymotion\imageformats\qico.dll

MD5 a9abd4329ca364d4f430eddcb471be59
SHA1 c00a629419509929507a05aebb706562c837e337
SHA256 1982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b
SHA512 004ea8ae07c1a18b0b461a069409e4061d90401c8555dd23dbf164a08e96732f7126305134bfaf8b65b0406315f218e05b5f0f00bedb840fb993d648ce996756

C:\Program Files\Genymobile\Genymotion\imageformats\qicns.dll

MD5 ad84af4d585643ff94bfa6de672b3284
SHA1 5d2df51028fbeb7f6b52c02add702bc3fa781e08
SHA256 f4a229a082d16f80016f366156a2b951550f1e9df6d4177323bbedd92a429909
SHA512 b68d83a4a1928eb3390deb9340cb27b8a3eb221c2e0be86211ef318b4dd34b37531ca347c73cce79a640c5b06fbd325e10f8c37e0cee2581f22abfbff5cc0d55

C:\Program Files\Genymobile\Genymotion\imageformats\qgif.dll

MD5 52fd90e34fe8ded8e197b532bd622ef7
SHA1 834e280e00bae48a9e509a7dc909bea3169bdce2
SHA256 36174dd4c5f37c5f065c7a26e0ac65c4c3a41fdc0416882af856a23a5d03bb9d
SHA512 ef3fb3770808b3690c11a18316b0c1c56c80198c1b1910e8aa198df8281ba4e13dc9a6179bb93a379ad849304f6bb934f23e6bbd3d258b274cc31856de0fc12b

C:\Program Files\Genymobile\Genymotion\imageformats\qtiff.dll

MD5 9c0acf12d3d25384868dcd81c787f382
SHA1 c6e877aba3fb3d2f21d86be300e753e23bb0b74e
SHA256 825174429ced6b3dab18115dbc6c9da07bf5248c86ec1bd5c0dcaeca93b4c22d
SHA512 45594fa3c5d7c4f26325927bb8d51b0b88e162e3f5e7b7f39a5d72437606383e9fdc8f83a77f814e45aff254914514ae52c1d840a6c7b98767f362ed3f4fc5bd

C:\Program Files\Genymobile\Genymotion\imageformats\qtga.dll

MD5 a913276fa25d2e6fd999940454c23093
SHA1 785b7bc7110218ec0e659c0e5ace9520aa451615
SHA256 5b641dec81aec1cf7ac0cce9fc067bb642fbd32da138a36e3bdac3bb5b36c37a
SHA512 cebe48e6e6c5cdf8fc339560751813b8de11d2471a3dab7d648df5b313d85735889d4e704e8eec0ad1084ab43be0ebdfbacd038aeac46d7a951efb3a7ce838eb

C:\Program Files\Genymobile\Genymotion\Qt5QmlModels.dll

MD5 2030c4177b499e6118be5b9e5761fce1
SHA1 050d0e67c4aa890c80f46cf615431004f2f4f8fc
SHA256 51e4e5a5e91f78774c44f69b599fae4735277ef2918f7061778615cb5c4f6e81
SHA512 488f7d5d9d8deee9bbb9d63dae346e46efeb62456279f388b323777999b597c2d5aea0ee379bdf94c9cbcfd3367d344fb6b5e90ac40be2ce95efa5bbdd363bcc

C:\Program Files\Genymobile\Genymotion\libcrypto-1_1-x64.dll

MD5 0eb4b12ede0999a156c6913d97cc05dc
SHA1 59b6e69f746ab01a10aedb24aac0330cf3049e6a
SHA256 1f19f957bbf0487f87076319dc906b869e765755c8d705166ce73648989f8bc8
SHA512 fe6e9a8ab34214d7127b626dcb66029ff413615d238c1be0017d3411c010f2799b4b9a0a69f8171c69673efd0ab7ec3c154b0c0ca16b9d7c95405177e23ad979

C:\Program Files\Genymobile\Genymotion\Qt5Sql.dll

MD5 ccfddf94281ffad70ee2d26bb77f8b1c
SHA1 6861a4b16ac5ab05ff594e50d8d63579dab1d969
SHA256 9ca14f8d46c25c7c5be2ffbd070231859906204a775e8b8b3f762630efd5f721
SHA512 4bd2d0ba6e3cef76de2a0e09d8ad1b27c8d00e55744ec25f37bef1e4e5e8723468054d1b8c719ab2318bdda342639447f138995a9be22fd8c5af71eece953bb2

C:\Program Files\Genymobile\Genymotion\Qt5Network.dll

MD5 3569693d5bae82854de1d88f86c33184
SHA1 1a6084acfd2aa4d32cedfb7d9023f60eb14e1771
SHA256 4ef341ae9302e793878020f0740b09b0f31cb380408a697f75c69fdbd20fc7a1
SHA512 e5eff4a79e1bdae28a6ca0da116245a9919023560750fc4a087cdcd0ab969c2f0eeec63bbec2cd5222d6824a01dd27d2a8e6684a48202ea733f9bb2fab048b32

C:\Program Files\Genymobile\Genymotion\Qt5Quick.dll

MD5 65f59cfc0c1c060ce20d3b9ceffbaf46
SHA1 cfd56d77506cd8c0671ca559d659dab39e4ad3c2
SHA256 c81ad3c1111544064b1830c6f1aef3c1fd13b401546ab3b852d697c0f4d854b3
SHA512 d6f6dc19f1a0495026cba765b5a2414b6af0dbfc37b5aceed1cd0ae37b3b0f574b759a176d75b01edd74c6ce9a3642d3d29a3fd7f166b53a41c8978f562b4b50

C:\Program Files\Genymobile\Genymotion\Qt5Qml.dll

MD5 d055566b5168d7b1d4e307c41ce47c4b
SHA1 043c0056e9951da79ec94a66a784972532dc18ef
SHA256 30035484c81590976627f8face9507caa8581a7dc7630cccf6a8d6de65cab707
SHA512 4f12d17aa8a3008caa3ddd0e41d3ed713a24f9b5a465ee93b2e4beccf876d5bdf0259aa0d2dd77ad61bb59dc871f78937ffbe4d0f60638014e8ea8a27caf228d

C:\Program Files\Genymobile\Genymotion\Qt5QuickControls2.dll

MD5 b073dac53f8d885d1e6149a4155a968b
SHA1 e500bbd8ce06c297866827ce01c1ae70ea208b37
SHA256 1cf23c84b82c18eddf25660576215a8fc5920c83cd5a82f20d2ef3fb6959308f
SHA512 ff45e57dfb053c09968f9fd99ddb1754d53d5a6bb446ca2e1a737b81a944c199754fad0328ac92c2df2ee76b4dd5ed238f60193426c02b8c9a241d2206837298

C:\Program Files\Genymobile\Genymotion\Qt5Gui.dll

MD5 47307a1e2e9987ab422f09771d590ff1
SHA1 0dfc3a947e56c749a75f921f4a850a3dcbf04248
SHA256 5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e
SHA512 21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14

C:\Program Files\Genymobile\Genymotion\Qt5Widgets.dll

MD5 4cd1f8fdcd617932db131c3688845ea8
SHA1 b090ed884b07d2d98747141aefd25590b8b254f9
SHA256 3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358
SHA512 7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199

C:\Program Files\Genymobile\Genymotion\Qt5Core.dll

MD5 817520432a42efa345b2d97f5c24510e
SHA1 fea7b9c61569d7e76af5effd726b7ff6147961e5
SHA256 8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a
SHA512 8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

C:\Program Files\Genymobile\Genymotion\libssl-1_1-x64.dll

MD5 fcef29efc6a4d8dea8719faf7288ad8c
SHA1 79bb251bebfa231207bcf5a27b7e523b579b0263
SHA256 eb15d6b5618296f3b0eba9499b4cee8aaa2f3222cca44f776f0acaaf50527cb3
SHA512 e25f5edbf8a0bc85f8b1fb1e5be7613c42c4e97c1cecd2771a3a59377eaad6a6dba4f4c9450467e6fcfbff98e056573591685f38928518762d54b4710f9af4ab

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wcasp1ag.bqc.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1356-2034-0x00000113BCBF0000-0x00000113BCC12000-memory.dmp

memory/1356-2044-0x00000113BCF80000-0x00000113BCFAA000-memory.dmp

memory/1356-2045-0x00000113BCF80000-0x00000113BCFA4000-memory.dmp

C:\Program Files\Genymobile\Genymotion\sqldrivers\qsqlite.dll

MD5 24e3288942a9ed3ed046e9dfdc3e7ccb
SHA1 2bb7ba646ede4ad09d11e7cdbb241b3da4603327
SHA256 0776ca618fc81aaee6c27a185df05b28e4571381c613adbff92e12ec3e6c1d17
SHA512 b2124261f882a7b140e95ce9d4c84c961d44b6647c8b20fdbdf71057671cdd41e4f4d0d348dc9b84516822a72a79a575e9ef3f92258aee1dca2703c652f3a600

C:\Program Files\Genymobile\Genymotion\libGLESv2.dll

MD5 2247ee4356666335df7d72129af8d600
SHA1 f0131c1a67fc17c0e8dcc4a4ca38c9f1780e7182
SHA256 50fad5605b3d57627848b3b84a744dfb6a045609b8236b04124f2234676758d8
SHA512 67f2a7bf169c7b9a516689cf1b16446ca50e57f099b9b742ccb1abb2dcde8867f8f6305ad8842cd96194687fc314715ae04c1942b0e0a4f51b592b028c5b16d3

C:\Program Files\Genymobile\Genymotion\libEGL.dll

MD5 bb00ef1dd81296af10fdfa673b4d1397
SHA1 773ffcf4a231b963baac36cbef68079c09b62837
SHA256 32092de077fd57b6ef355705ec46c6d21f6d72fbe3d3a5dd628f2a29185a96fa
SHA512 c87c0868c04852b63a7399afe4e568cd9a65b7b7d5fd63030abea649aac5e9f2293ab5be2b2ce56a57f2b4b1992ae730150a293ada53637fc5cd7be0a727cbd4

C:\Program Files\Genymobile\Genymotion\Qt5QmlWorkerScript.dll

MD5 6aeb9d49571b53ae417ced788e6b42fd
SHA1 009a7bdb7d31170ee6d59be470e0b4e47ae75e0a
SHA256 016ef2a37c5a84de027b112ae1b65d974648ef6ae072beffec119c1a7036ea5e
SHA512 9b8cc61d246a025d4f622d4f1b834b15d3c4f597960c3f455ebe3c9a2e3095de6b485572deb99b8e279a4b3f4cea86254e205c5b46681678a8355b5919a1cf02

C:\Program Files\Genymobile\Genymotion\QtQuick.2\qtquick2plugin.dll

MD5 f2d65eec94486d58956811607d6e0a44
SHA1 3b50806bb2e255a5931907c37e9136e4f6024c93
SHA256 e70f734803ae75acbcf2c6d21fe8dc3a0fd745113c543f5b930230949472ec02
SHA512 85fb0f8ff8a336e15e2438ebb8c6b068c72fb875491bafabe4ea0b10697a7318dcbdea9d5acf5553d6932e49447f59910d50b9066720444a947dcbca4a2f3caa

C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\qtquickcontrols2plugin.dll

MD5 5039ba7eda325bfa357125870c13111e
SHA1 81bb79aae0ddab90f4e6302f24e3ff7bc53a9bdf
SHA256 26f10ca8d9446d75d0a73b231404b65919151093be6af3ea2da4697ed3c155f9
SHA512 07f2eefb58ac731162d42b33dc5c38765dec7eef7591779f6aa6b72cb0765b063ec44c9dfad1b4ec437bbbb9b533247cc73f4db2f21cfd059009bc2dcc6736da

C:\Program Files\Genymobile\Genymotion\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll

MD5 b7d862f5f15e86b73c670913684fa8e4
SHA1 8266952e8e14d04b5e710563935791d1dd90a2ae
SHA256 2eabb8e5f3b57e42c6f29db645edc4bac17910b1ac0d8d0083c66b152f8878b8
SHA512 e68e6298f557cb92eb2aaa9d334621eb1b29ab1186a4f25e22f28667b5ebc4732639827c5ce136360525f0ee300ff37ed424dd311626af3fd5c36710fbf0ff23

C:\Program Files\Genymobile\Genymotion\QtQuick\Window.2\windowplugin.dll

MD5 c49831569882e926856e02e62cd5ee87
SHA1 f1a75f9cad6860d55341f7c05d1c87cdf7dad0fa
SHA256 9aff9f92ba9624dba025725a0385792f412b607d24b1bb2829f0ce4702a0a228
SHA512 5182033979d40ebaf1703c9f15eb2e093fa2117ddc82caef38c2d275312eb163697ec827f12e72b73af47ecfb20f6bda662c2b7b5803313ea1b2d68c0422aad3

C:\Program Files\Genymobile\Genymotion\Qt\labs\platform\qtlabsplatformplugin.dll

MD5 6bd698becdab8ac4504f920849243d8f
SHA1 3429b36053287399d4ea95ed58523080351f25db
SHA256 4d2f5ae5103c1072e36546222eccb8efe2698c886e12b0161e479327a531a2c1
SHA512 2df753a41cad7dee0468f27316ae2c8d9ac7545a2cc715850484e0e0048e95ceb30750dba11d7635ece77764621ccf035df65587e138b9e882b7898f236d8d40

C:\Program Files\Genymobile\Genymotion\Qt\labs\settings\qmlsettingsplugin.dll

MD5 80411405b9fe2aac7b15ca5ffc65c391
SHA1 7bc2d461e7648960ab02acac47d79fc99748c27c
SHA256 ab2bae83e88595ffdab5025bcc7af7724822ca363e9d26ebe2d294cf7e5cd342
SHA512 92f41bb5e6fd6b5434dd050129b0ba426307dd1646a7cf9537a860e47dcb58a9085a6310a12b0f3c789f8f3f63d7b1fe3f49ac4fda879bee1190a3ea86ab514d

C:\Program Files\Genymobile\Genymotion\QtQuick\Layouts\qquicklayoutsplugin.dll

MD5 bf107e9a7299175994089a6005464e4f
SHA1 7c924c325ec1988aacde7b9a08099e3660354d09
SHA256 9357fc000d782e8ad2eaf79c8dfa2eb58678348ec0830a09070724a0eee6db53
SHA512 775af0c18fd4c1853ecac14d7a07c05aace9b2d1b0f9939797e0e6ba0ffaf13349418fa4a84eaaf16f87fbac1c093cf70cdae4af421fc72f2d4a80442a4bd27f

C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\dialogplugin.dll

MD5 f6b0c744d24762818b0950d61fbe0c45
SHA1 9560528bb2d338c2788510e1110e6a46b39a2211
SHA256 0c9efdc3b001d629b3f140cf801755393f925de13851a9727d1e157b8642e701
SHA512 c8b8fac049cda98d5dc5e1be421a410dcc802cd5a9dfe72eccf2398ae166bdbe2d51e8520b267b5b0f99cdc8ce84b80d484001e34719e197eeaaa377d75f77a7

C:\Program Files\Genymobile\Genymotion\QtQuick\Templates.2\qtquicktemplates2plugin.dll

MD5 a6267964565761ac4696708397ad6be5
SHA1 69c004ef79d406868b305ff33a35c6c73694c344
SHA256 ee8572e9934bed6dcd01a667aecaa0b2e1a28419573559607f499bf6bb7779a9
SHA512 1770aacd19742e9e85ddc1d616353c25f4defa3e311df95a3eaf022f7170ae3f9b50711c3f354cdca89014a765f45cd3c91d982dc3b92f03bc1d4c15342bd271

C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\qtgraphicaleffectsplugin.dll

MD5 1b8e5738f9fd2955b9c82f8ff74bb5a1
SHA1 cae992713ef5073653a1ba2ab57629f4a7860834
SHA256 701b009e82b18eaaf44656852160d9b6584ce3eed90da8ec532454707755a1f6
SHA512 853282f0ecc9a73645a189e4a0a519e57a09cbc81f66761df1e7a6cf749b7676db8c9e5f58a1517393f52d455637e79f651ea3e490260a4665d0943f69ebb574

C:\Program Files\Genymobile\Genymotion\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll

MD5 9661a90b134aeb0b551c296d3fc88753
SHA1 f61313dde19b6d385459ace926dd028f9f7abe50
SHA256 9faa62a83cc032b913cd5480df5fe0ce39cf39bd2cf4064b27d8535f29617281
SHA512 2871eb5bcc450d13e7de6a5c30e95803a1a80f40aadd9704f61356ba7adef61f2d60e72323056defde81f063852ea0502d246fcf4724a7b456f3a82486d8354a

C:\Program Files\Genymobile\Genymotion\QtQuick\Controls\qtquickcontrolsplugin.dll

MD5 dcfff1747bb8e7a2c6497df0a4e5ee8e
SHA1 8bad65cc7dcf4c4b9ec0473f22d251e8661d140e
SHA256 2ec497ac8ac4814ed4cee6bf7daeb15a6def7857dcec6bf290446b125acd5ac1
SHA512 10ac1d163900fb03d7b8b11d45113e5a326b653775b5275ea92c35359b17e7f8cad6636baad77c1f660e7439b6262ed6147b6a167e6fb915e890da9af9317749

C:\Program Files\Genymobile\Genymotion\QtQuick\Dialogs\Private\dialogsprivateplugin.dll

MD5 de05a20cdd9e1ed8c0fccc8a0737fe1c
SHA1 56f0687b132bbde9fd9ad1ce11f4f85e7385dd7d
SHA256 abceab15bebe79bd6e53b2dce71190bef7c0eaa0bb9b575ed6eef15eba9b417a
SHA512 30f70e65866a5b9572684d5548feb907b1c376aa0db30d1ffdae24250bded0dffc7fcaa6827320f892225ddf230968651c925ac24864473fc3cc9e67d803b40f

C:\Program Files\Genymobile\Genymotion\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll

MD5 1d6bc68cfda1c2131464b64452c95443
SHA1 94e81e0801ce11a17a33b0da11feed86db775579
SHA256 6a82375574b44737ecff678fb061fafaae2c4188561097d6d88460d2648510b3
SHA512 2dc5ee91001c1c00ba5ebee6ef731a5dac3d93baa78ad5d87f690bfa1393e50291a5e927de1b8b09d550cfb35d8fa9cd6435ec24dae01045176f8d1b1f9b5763

C:\Program Files\Genymobile\Genymotion\QtQuick\PrivateWidgets\widgetsplugin.dll

MD5 735f7910b0e5fcfd2573e249c9ee879e
SHA1 d57836f276638a2caa43df96d78ff80668fb2af5
SHA256 e6efcb6d1506e99f30a81f892ac7b72b36392efe2a6e3a81199600cfeadeab3e
SHA512 247b95671a307079f29f332e2af7179d075f286597a6b074e760b26e24c2105af5db990e8d8c7c2b78694964e90a5e7aa15f12a983ebbdb2f0477cfa5e39fb31

C:\Program Files\Genymobile\Genymotion\plugins\vboxmanage.dll

MD5 f2986ac19a9572c69eaafb3fb0f80f88
SHA1 ca764f80b1eddd09c589a5c963cd4184991654ed
SHA256 d9aa4ed0e9d5758be24a19b09924033e95f8fb8e0ce97f76fbe3fc7dfd3c9210
SHA512 c404f972642a3aaa329458247e384d5349831f73f88a38afe41cd1925a1c51e68b356d7caaa5b4e4c8b27fe5777630fb9afd2083f2e898274a2bc77fd893f67c

C:\Program Files\Genymobile\Genymotion\tools\glewinfo.exe

MD5 da6b636b47d133e75e86970af996cf80
SHA1 552da8347c5142442ed1520d1b99c4ab4f40baf6
SHA256 f21bb25c3624ef8e2ca3a23c80b39801432b731bfc65c2627652e31c7c730b46
SHA512 726b73d694f9217163f1b56220d2a0791ca9e05d318ef6d12275c0de998381c60c95b4def254a1a398c6e70d9a20edc115465b8c1887886a48908bc672f3af2a

memory/1424-2071-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2073-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2072-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2083-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2082-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2081-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2080-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2079-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2078-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2077-0x00000237AEEE0000-0x00000237AEEE1000-memory.dmp

memory/1424-2098-0x00000237AF750000-0x00000237AF796000-memory.dmp

C:\Program Files\Genymobile\Genymotion\genyshell.exe

MD5 b30cddc26adeb18cdb0ebbd5bdc3516f
SHA1 fda632de2daa2bf38a9f4360fa5f0580dda48493
SHA256 4efdb7b97c1597bba5d56c1c2bd6b6e740b526f04fc74a5b49ce1dd37ea4471a
SHA512 fa1f6ddc8d23d4c0f6960cbe1db43b284cb2d3d371b9c2bb10485a920fbb0a1b0cdfeca5a0457c17b8408d97fb407fe49eb06d863228327656f32bf1964aa3ab

C:\Program Files\Genymobile\Genymotion\com.dll

MD5 fb44a66f1efde4138b55553cbdacd999
SHA1 10f13621f047c94710aa6e4a2e3822638f6711f4
SHA256 25dc0428e10664d9517f9ada2c18222484de93f2a07ad245eccf1f15f4a9d96e
SHA512 66fcee9f5fc52e5d17c91b37921acb3aed8cc5db820a8ccec3ebe6a1e855a1d9d85861d5f7f516fd13a65f84c0ec63fc32d72c6f91c0657e96c5ff4bd6d00e8d

C:\Program Files\Genymobile\Genymotion\hiredis.dll

MD5 e65d97e83161cc9468d8b6fc3fa82d44
SHA1 724a7bdab7ac1c1a2ca0ec3f9aa1a255dbe3aa4a
SHA256 6efecf2a319f6fe5d8a2c2915b9747888d535b1a11061ce220d2302f7dc23700
SHA512 cedf852ef3965e19402505364d333b74c43c88339d4712122fdc5bb34b10ebb2e43a629609ae8c6699b9a25637b3c02402936b088f1b44b0a6b95a5186661146

C:\Users\Admin\AppData\Local\Genymobile\Genymotion\settings.json

MD5 7dc0e44358bc244d3f86ba8b52fd05f1
SHA1 c2b3f8ed8ca7ec16f9630bb2ba3fca459b46e29c
SHA256 357b773adf171d213939a2d0cfb8863997b3986fcafffd24cc527e154eaed442
SHA512 e9886a0d1afce19c55ee02c8fc3be407885359d3ca4aa61a03ab4ef3a530592185555723d8cc519824e2e69546d68d33cabd0cc7149e3cc77d45d34cecd7952c

memory/800-2128-0x00007FF918630000-0x00007FF918B71000-memory.dmp

memory/800-2129-0x00007FF9161E0000-0x00007FF9165D8000-memory.dmp

memory/800-2131-0x000001CFC81D0000-0x000001CFC8610000-memory.dmp

memory/800-2132-0x000001CFC8610000-0x000001CFC8810000-memory.dmp

memory/800-2163-0x000001CFCD190000-0x000001CFCD191000-memory.dmp

memory/800-2165-0x000001CFCD1B0000-0x000001CFCD1B1000-memory.dmp

memory/800-2166-0x000001CFCD1B0000-0x000001CFCD1B1000-memory.dmp

memory/800-2167-0x000001CFCD1B0000-0x000001CFCD1B1000-memory.dmp

memory/800-2168-0x000001CFCD1B0000-0x000001CFCD1B1000-memory.dmp

memory/2500-2199-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2198-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2197-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2201-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2206-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2205-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2204-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2203-0x00000213DF670000-0x00000213DF671000-memory.dmp

memory/2500-2202-0x00000213DF670000-0x00000213DF671000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\genymotion-logs-tmp\general-genymotion.log

MD5 558797addc990945d5b2751f2970b929
SHA1 2a9e7b027b03b415771b21d3752c6f1833a6b042
SHA256 9dc03361ed587c214dfadd132d1596fc37cf86fba529c82272ca566cde7bbdd6
SHA512 643e64fb4b0995fe39860ba5762dd3343880c908193cab2e57bb82c72c9b828272f21767576fb30a68c3f6054cb7640b5e7384b467bd180f622616bd7682fc7e

C:\Users\Admin\genymotion-logs-20241113-140906.zip

MD5 28f203038c2072a15dc99df3e5e48578
SHA1 7e9a3472c653f7bc4f718e7b1b01728dd60dc9af
SHA256 cec9dcf8be26ac428d442051ab32e0a957650544631252ad6240966088a33fb8
SHA512 8cd789656d650be46f2a5b77774e78096e241acceeff4fabbf5ec3667fbdd27344575c29d5127b4d5f5d12815a033f20e99a2c4bd6a0bd959034903f44da3309