2d2e603887e75f7437f944099ef06444af6700567e5a94093bc9fd5f094b9b7f

Analysis

max time kernel
65s
max time network
72s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blue.exe
Size

304.9MB
MD5

8196b9fd3b7004fbf420935e959a298a
SHA1

4a010ac5633df4eb46bf5d2c94f80bbcc1b8b975
SHA256

2d2e603887e75f7437f944099ef06444af6700567e5a94093bc9fd5f094b9b7f
SHA512

df3f2fcc1485fa996979d6112cd71f161e9427005c8925a91da8bc668b59db16a77559ebb7305aa71ebb11d21a89d154eff7dc666f5216073d1dbffa8a980b75
SSDEEP

6291456:VJnPDnzeWfercQUEIkvU6qYeUCTtISBdwN5xm+oDhI28IxZiPMWyDjzBgOPxt:VlPjPerc/ErRqYayKwN3GI4ZoMF1Pj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
596	MicroInstallerNative.exe
1152	BlueStacks-Installer_2.5.43.8001.exe

Loads dropped DLL 9 IoCs

pid	Process
1484	blue.exe
1484	blue.exe
1484	blue.exe
1484	blue.exe
596	MicroInstallerNative.exe
596	MicroInstallerNative.exe
596	MicroInstallerNative.exe
596	MicroInstallerNative.exe
1152	BlueStacks-Installer_2.5.43.8001.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
596	MicroInstallerNative.exe
596	MicroInstallerNative.exe
1152	BlueStacks-Installer_2.5.43.8001.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1152	BlueStacks-Installer_2.5.43.8001.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 1484 wrote to memory of 596	1484	blue.exe	28
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30
PID 596 wrote to memory of 1152	596	MicroInstallerNative.exe	30

C:\Users\Admin\AppData\Local\Temp\blue.exe
"C:\Users\Admin\AppData\Local\Temp\blue.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:596
- - C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe" /in:blue.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\7ZS45C8.TMP\LATO.TTF

Filesize
617KB

MD5
5d14391995929c6799688d83c870794a

SHA1
3e9518722d3c00a43ff0de25c2c95e14ddb7e0fa

SHA256
56d6ac1edfb2e32a8f506eab100d52f36f19a359842e1336597b2c9febdaab6b

SHA512
86a0342fe69f092c044c04c42e906628674b71b71332f262ee77f5688814155556411a390380502b1ec930dfda77681ae42f43045292685046bfe4e5d0553d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe

Filesize
995KB

MD5
cd2c5728051bcbf47b9b9af996d8b286

SHA1
a81890d85e5a09fafa443940edefcc574b824b88

SHA256
4a7099760ddde023991b1451f32aab66d640ca7357241d63275a99c7066d72be

SHA512
d02a2271a473685f47e2c9be857b58979204059180b7d5ab79c2010713b1108e8edea4221e79bf332217e5f76812d8d99a74f044951d43aeb0aed58d17e7d188

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe

Filesize
995KB

MD5
cd2c5728051bcbf47b9b9af996d8b286

SHA1
a81890d85e5a09fafa443940edefcc574b824b88

SHA256
4a7099760ddde023991b1451f32aab66d640ca7357241d63275a99c7066d72be

SHA512
d02a2271a473685f47e2c9be857b58979204059180b7d5ab79c2010713b1108e8edea4221e79bf332217e5f76812d8d99a74f044951d43aeb0aed58d17e7d188

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\Cursor.cur

Filesize
4KB

MD5
2d274883962409c27cca3f1a741e1114

SHA1
3fe9011420fa9ffb84d92bc38de077d4aee35b29

SHA256
e7d973bffd7c966b677f05b51f322679abdb5a9373cc4a2a2821c839bc56bbbe

SHA512
53dbc4bc749618b30bc851b34ce6082ba9ad73394505553b6b16344cc12ac85014b1ed3fc5640e6fc43b8acafa54024a8276bad621d04eba0458fcd2d41c93de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\HD-Logger-Native.dll

Filesize
241KB

MD5
1576c9e7d1b926624be8443e2e79a675

SHA1
e79eaeee8ac112d05ff22935b8edc0200a860e06

SHA256
c09cb356a60eda016be02e6d42e1909df2c76e5523c105ee88fd111c93029f5d

SHA512
bf5dccabce47850420b9f830d83c4b0ceea7c617e30c3a3d36a1f4293bc48aabe6df8074778c8d22d83fbcf18017d24d6428ed1111411886a730e2b83caa3b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe

Filesize
235KB

MD5
bc581f12e98c150aa6a073f6b0954b54

SHA1
7e106a91b964a3d84215761c42da8d02c4326dee

SHA256
b5f6b416bbd2ed7a372f69d9711530515acdac508426bb10ff2fdc75acc608ab

SHA512
7b65054e1100b9ae1eb86703a542ebb0431c40a33b467698cbc746049a6f6c5b133a086f610c02ded77b5d8a9f82608e3bff99a44746a05d621c29daa6712139

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe

Filesize
235KB

MD5
bc581f12e98c150aa6a073f6b0954b54

SHA1
7e106a91b964a3d84215761c42da8d02c4326dee

SHA256
b5f6b416bbd2ed7a372f69d9711530515acdac508426bb10ff2fdc75acc608ab

SHA512
7b65054e1100b9ae1eb86703a542ebb0431c40a33b467698cbc746049a6f6c5b133a086f610c02ded77b5d8a9f82608e3bff99a44746a05d621c29daa6712139

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\Oem.cfg

Filesize
3KB

MD5
22a6300c56a9463ed2e7b4facb55fc1c

SHA1
1d057376e94b529a010fd51d99245949eaabd345

SHA256
7d187cba39b6927c2df2e03aa5f9ea757cc8b036584bacda6995de168a578cdc

SHA512
694c43105427c18bb7e298d5f5d102af1fccb6f86b08183a60dd0fa238b1152afa64b9b88dc85d30b2dc976a9fb62a5882428e911819f2f1b80ca5ad599da7c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Em\Default\tool_close.png

Filesize
1KB

MD5
1d5c1eadf74e6c3043bf010373d08b72

SHA1
a93f798272318c5bf6c6195914228e6a6699edd3

SHA256
713e22ccc9dd0b42096ecfadb9b43cdb1cc71694da2c4d69c18d6c5ecd2defc3

SHA512
03477132cf26c2eb7ad86e9244c01eb492aeb5aa14ec23d84112a31eec6251e07373ff5d7bca339f2b53b04dfa1b0dc9403e5754c50a712deebe1a1a832a3b5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Em\Default\tool_close_click.png

Filesize
1KB

MD5
7fa6c033651034b4cf3281917900c581

SHA1
58c8d707b27e3da4ac2d67048039be808d9d2c0a

SHA256
1d3534f89de59741993b3a8b840c8d4cb0d1184093deacae8924eb6049d5f15f

SHA512
32d847996207cd7227a3500c160067ecd19db8fa1f208f538af30cd3c636259c25d4e39e015a23bde54be4736137ca1577811c614b7350fd83503da2ed0e7b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Em\Default\tool_close_hover.png

Filesize
1KB

MD5
9ff025e3214b099ee687e111349a1383

SHA1
23cdf4b73b55ac91c27a28ae2d9b18d2b1382449

SHA256
ea92cd390048a54020ee42f433415d13f9a827f0f03a2d71b84abb94a7b46638

SHA512
a2f1e27f7677ed9ff91522dc955ccaebf8b1980f38a6457389f39b16a75825a94e2c09146040b20ccbf35e21e74e2fb742c366aefd324120e8aa745a2874dba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Em\Default\tool_minimize.png

Filesize
1KB

MD5
bbceafbb3ad558ef10487c7c20b36d6e

SHA1
314989ae01f8348a375b7de95af680cde7ec6cb3

SHA256
8ed90006e0a4db1efba3f31d3aedd84e79961c0a9419bfd5d411736ef8b2551c

SHA512
af6f8f6e1797828840ad3374da0e246a9d0d81fb5892f8c2aca5d27dfb11d60df507a4328a8781ddb317d582a5ba0031249d1c4cfb8cea98fa2777f84c45b173

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Em\Default\tool_minimize_click.png

Filesize
795B

MD5
270f1c99677be18e51861e855b9af1e4

SHA1
bca6e29cb9c0365ab050b4df254ef03da22a0c19

SHA256
a70f5497efcae041e8397e51b00df89f3a6988c7bdc52661205d0b4351896da5

SHA512
aaeb38d2906c8ec56ce8f87721d2b18eb80f31df9086ff05bc93e91d7f9b83739e4cc297f84a2c68ebae146d9c89ca9cec4bb4b6506299accde36c3c46b12870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Em\Default\tool_minimize_hover.png

Filesize
801B

MD5
a1ec17825ba1ac007c9d3558e6c7db66

SHA1
18271fef2d1590a5fa58f1fa10d2a7a9b48ec253

SHA256
6ec517e51c453157e90b66d5488d8984e4ccb17d64c1a428115e3c736a3c9b3d

SHA512
d68d4146995125f8e8dd1003344fad65d95c772e4b0c47559d2b124850d3f558974d573d45306b35b4a55b2ba4d94cc4924d81e5b5485304241e8320d7fdf9fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Toob\Default\Cursor.cur

Filesize
4KB

MD5
2d274883962409c27cca3f1a741e1114

SHA1
3fe9011420fa9ffb84d92bc38de077d4aee35b29

SHA256
e7d973bffd7c966b677f05b51f322679abdb5a9373cc4a2a2821c839bc56bbbe

SHA512
53dbc4bc749618b30bc851b34ce6082ba9ad73394505553b6b16344cc12ac85014b1ed3fc5640e6fc43b8acafa54024a8276bad621d04eba0458fcd2d41c93de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Toob\Default\checked.png

Filesize
1KB

MD5
3fbddf2752a84dbc9b933615ad6c6eaf

SHA1
c9490a84983fe6597431a4c40a5c6a2aa79d33a2

SHA256
e278ecd0a92dc52072cb2f50e634c4bb152881ade490173911a031b9587a58c1

SHA512
a00c19dcf7a48cbe2919f956c0d10082736c26ddda11af46db04a7db013b8c2cabb5ca9e48cf857611791656ef030a3c150ae0792b57ebf64b87859690227823

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\Assets\Toob\Default\unchecked.png

Filesize
1KB

MD5
26b863e961728690590033e99197ae38

SHA1
e291c7339db1a09d0788fd60aa355008777ab7f3

SHA256
c330a6245ee92258b969c3d16f12f160e589e8283bde523eee56ed53fc567b21

SHA512
d3414113e1df353f4f36230ebbbec6afa8d7d3e822c1cb1d1781607089817adac59ff0b00ed0272358f4fce33c3944248742c8ab5af703a10f311165f3594c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\d3dcompiler_43.dll

Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.nianticlabs.pokemongo\gotcha\assets\Supercell-magic-webfont.ttf

Filesize
69KB

MD5
041095d75b7382e8ca3c04320f515d2a

SHA1
60742d559eb5124ce1873e5e9ce5f40f11e07c50

SHA256
44f3cd1738b08bdb2f811da4d6af4244b871e1d3d29529c384eabf55e6c0e774

SHA512
689ebee55cc8d3d1c80227cc4c00d0d3a28f828ec10fb9328fb8fe36e78c6f9f0bbff8be28ec58333287200f5fd726f004aa9e331b6fe16141d7260e354b9f24

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.nianticlabs.pokemongo\pika\assets\Pokemon_Hollow.ttf

Filesize
41KB

MD5
6e5393a64ca23c455e8568d409e82da6

SHA1
0d9951d3380b31319e2de9546dfd96a399b56f71

SHA256
91b3f10172a2b3a583b4bf510c52332bd7badee4d08160da9768b03e6a6189d2

SHA512
b21944eb0b7875f9a8b23f74337a3181f9f7f811eb425f7dbd25b4478db6743edc17439621acee5da9107b0fe5872e92bb41d8b40ca2d15e8739530be1e167ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.nianticlabs.pokemongo\pika\assets\Pokemon_Solid.ttf

Filesize
24KB

MD5
36d26dbcd032a9d91d891c9f22dfdec6

SHA1
604b78675e244487f0efd80662ac5b899353b80e

SHA256
a8e23ded5f1942e735c6040c75b96a6cf90c8fcdda6b1ba1f87006d999203f6b

SHA512
a1ddf84e33b6becd6f3bbb99a766b4b3d8dbec54042b6c0a26a76ec42a0cc51c83c8fa0bae52dcac9f007cf98e87917c91cdf4574e1d4f73da9d1a50f49e0584

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.nianticlabs.pokemongo\pika\assets\twitch_icon_seestream.png

Filesize
756B

MD5
c069f24b0c8b4f502e21f0eed1657c1c

SHA1
f69c031754d50d7116c326b71b79eae6917293d8

SHA256
52561adab7729bc05612223f5dc988dbe4f82f1e86c7de869111fda156c033b1

SHA512
c1f34ae929ff1ecd10cecfa11f8811ca86981da20efea1a4003c9b5686a34aecea7274d3ab803f58b9ec3c76b86e451345934cdbb281f7bba3104c75cb8367d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.nianticlabs.pokemongo\pika\main.js

Filesize
12KB

MD5
98f31e4166044fcd44f647ac8b6ffc03

SHA1
b7d8fabaa7953e83295cbb9c6583e35a58118b91

SHA256
06db9dcf7efe94328b0dd3b82cb8790c9254daf84af7551fe1c38a57c8c7c701

SHA512
84ef3a8595276d9fd39526aee88394c21c68cd0679e07448779a1e0e9d1c617fd37dac972741b8f981ecfda6e5d6f7e91402af151b70b4c412f8fef12e8b9a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.supercell.clashroyale\bonepit\assets\btv_logo.png

Filesize
152KB

MD5
b6962bbe3e48050dfed391fe9fd8c366

SHA1
d971d058b32d9bcc55fd84e3fa2be1fb077e250f

SHA256
80d3c4cf5377872b55c8559dd9e63123b14090f85949c7f18e39e1cec853097a

SHA512
b7e40de3634f6cdc3e66c76ebb44a29cec542b0d15633c7fa3dd7122defb22191db1188308b0774693fae02708e7315992fee167982d790be4ef925642169e8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\BluestacksGameManager\UserData\Home\filters\theme\com.supercell.clashroyale\bonepit\assets\scene.png

Filesize
1006KB

MD5
dfc678eefb0e876374ea3f1c445808c1

SHA1
2008b7d4d8582e650d300805e7233a718a65132e

SHA256
563023b5b5649f87c050c964b9a670faa9ef472334ecaa2c2aa764b3cf2fb641

SHA512
835482a2685448facbc276d39c01d1f1e571bd93d7d799f2e51b6f7c43f97e0b6f9a4fe8ee5b6bc68dc63cf9bddd9e72a483320247e1034fb0099269d1c66fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\Locales\ProblemCategories\ReportProblemCategories.Json

Filesize
6KB

MD5
d6ade1984db694c7a9f04d6d8ba4fbf9

SHA1
52cd4096a35c0307500859d1143e8b1e16dfde18

SHA256
b129ee6df37dfc4a90329fe4c2d90b6e60fbec1d04b7faaa15c0f3c4b0e2e698

SHA512
15e953ff90927717f8f5227db921fff72d9c35fe63eaace095f19817ff86929f9eb21f3ce5f27940342971cb3ca8a5ee5b5bbe7d14dac4ba23a6ffc11d45b86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\Locales\i18n.en-US.txt

Filesize
23KB

MD5
57528ee71616051f210f506c08ab7061

SHA1
b9ce883813c26fbfcb3bb3dfbfbabc718813c5ce

SHA256
c24e4a1ac5650d6c85656a03039cfe5ea8511d88bf8c66b2099ef6adc3978719

SHA512
cf92e1614aa4f3c8d52a771bc776453a3f8d6cf18626465a7ba78b28b05fa3060304286b34a07a2208164ecf4002c00b6af194ad1ea61916da19c6786d55b129

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\UserData\InputMapper\com.bigfishgames.google.mcfr2rgoogfull.cfg

Filesize
332B

MD5
574bc971e6e826ea299ed283f9bb0db8

SHA1
625caf23c6074803ef2a8d2767a9c5a8181df53f

SHA256
2ff35b65bdccf40c2f857cf3c37b54c9d61291394704f57291b25706ec7048d2

SHA512
f31a8504a28eaba3a4b821f3e79f05291d4fbc07e1d28be7a1e25bc2f8bb861221f5011e1d4724516658d3a9a4ec8e7db3c3fdb61228d9c9be4053f50ec5f202

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\UserData\InputMapper\com.chillingo.happydinos.android.rowgplay.cfg

Filesize
397B

MD5
7b0223945bedfbed64ba6a46f9b16167

SHA1
080007c82584f1ce82b98fb337ac56a3e8eb7f9d

SHA256
a6aef91ca6e42c477c3f2546c58a96c0f88146aa8692e01a4f1012d19867400b

SHA512
520e2cf292a4e5009cf63ce77838e0d28b92a36d74d5311899bfae9d5892eec4e89454aefc2558a7b1400b4ade96aa0d06d479762478505d6eb9ba92057b5d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\UserData\InputMapper\com.floppy.cfg

Filesize
258B

MD5
3e7c01232bedee7ee3ba2e7b02faad23

SHA1
c1d01afbf10feffdf78cf144bc8d2737307b4f95

SHA256
47a21ffc5aee5d2f7301466fa43ec1424351c5aaeb95e50e4265d44a910c738b

SHA512
23b840f50d06c1398c313c691b58ba759735ae15199a20f9f82fb605fd566d9669288c7610c858b9be59b23f77c95bd95b0c882059dbd60305736b0a4fe25359

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\UserData\InputMapper\com.kulfun.cve.cfg

Filesize
414B

MD5
2ad8306b5edb036045cdb0b0c7483bab

SHA1
5bad0ab6b0c078eb1a5b03f3395ee77bbe269ac5

SHA256
4c9bf4390b21d043880f3a0d124914624c347650df8305a40ee8acea0cb5bd01

SHA512
ac84f721923da8931f09b6faa2309c0c432d271e3d27d3f51a68e9caeebedd4eea020bc7ceb24dd922c124dca65bb8abea8798a290757cc3b7fb3f8386b1677a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\UserData\InputMapper\com.ngcreativellc.wbbg.cfg

Filesize
552B

MD5
bbb15d8b2535252959634c350d14cdb0

SHA1
cefdd2e8b47cce0578e908b14bea4e0272e685bb

SHA256
607894fea039fa4c2a27c249ac8c72e5e3ba73349beeeb4669d71867ea337e66

SHA512
80310a71b5a116ba09da209c4836a07881cbd302fece9b51d05dd9b75c63a140587ba25ec33410b2a84c34d537c3f4b5c9364db3db15c58a848c82be206fad2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramData\UserData\InputMapper\com.zynga.swipeoutzombies.free.cfg

Filesize
173B

MD5
b54f0971f9acd1f2cc927467fc2457b1

SHA1
f1c9244122a52b3900c8c5f268f81838064c1f50

SHA256
fae4a93ad6d817b037dc26c592d6e192cb337f3aed1aaf8986a6fa098dc06306

SHA512
142a75342179ec74343110117bd6ecec954f1e1104914b1973cc066238a71a6c57d08bc3ee7ffa5594df98f619090e498f85978e46e4c10d63a5a75903a15ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramFiles\BlueStacksUninstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramFiles\HD-Logger-Native.dll

Filesize
241KB

MD5
1576c9e7d1b926624be8443e2e79a675

SHA1
e79eaeee8ac112d05ff22935b8edc0200a860e06

SHA256
c09cb356a60eda016be02e6d42e1909df2c76e5523c105ee88fd111c93029f5d

SHA512
bf5dccabce47850420b9f830d83c4b0ceea7c617e30c3a3d36a1f4293bc48aabe6df8074778c8d22d83fbcf18017d24d6428ed1111411886a730e2b83caa3b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramFiles\HD-ShortcutHandler.dll

Filesize
125KB

MD5
209e77b259c79b1ef2792f87a72736a9

SHA1
f557a110e269fc2f3d63d100d3c7d2d73cc8eacd

SHA256
e8145b529c81db68b3ea92a690f27436b0ce6b1867feb9ecbb583fe502350d6f

SHA512
e2ace07d88d3af23f836a5a19bdfb81d948f0490b8c452161032887eef34a8c846f2e79c1fd0a62dc7fbf90f05232b54fd875bf2f30d551d7a7384b4bd1c4448

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramFiles\ProductLogo.ico

Filesize
344KB

MD5
63251c717d9bc1e5fc6370671f38eedc

SHA1
887b3e52ee48f304bc8626a7b296e4b163379c64

SHA256
5947201ed9206281d8e6e8b46bf562c78d3c9ee1dd74c0792df18eacad04eae6

SHA512
2ce0f02da6fe4f921755c8090c6df216515d2de97723b5b62555beffa9b1e0f0298bb03bcbf68b775953b0f3f716f33915773237bd099daeedadefc32060a64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\ProgramFiles\ProductLogo.png

Filesize
22KB

MD5
d65ee34cf5ae842b0c12a41e759f2487

SHA1
25933291b356c4c724e5e9a2ce65f370f0222971

SHA256
102bcbec514992ad8135c2be6d09e2f7385e3635f52fa4e64f4888869975b458

SHA512
95f91316459de0f5b49d1982695db40cf36316445798f8fd2d58bb2d751fee4500c9cafa6fab69a8a9af809281c2632a185f58662f9a73b155eb236109405e53

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\button.png

Filesize
1KB

MD5
ee48470d6089ebb4c24e5ce7bdd2d83c

SHA1
f71aaa2b599d0af9f3895932d3f4c2227c168a19

SHA256
72a61661c91f615f1d89701e9266558745f19c6f99fdadd369de0dceee280b18

SHA512
fa083effc2fe7d92421288f5f15d1e2afd716dae1701234af7e9f5c13caa986cc6331e4f0e2a4e2f915c4d5a0135223eee4a90f5e374fb7f03adf7a4e52d6095

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\checked.png

Filesize
1KB

MD5
3fbddf2752a84dbc9b933615ad6c6eaf

SHA1
c9490a84983fe6597431a4c40a5c6a2aa79d33a2

SHA256
e278ecd0a92dc52072cb2f50e634c4bb152881ade490173911a031b9587a58c1

SHA512
a00c19dcf7a48cbe2919f956c0d10082736c26ddda11af46db04a7db013b8c2cabb5ca9e48cf857611791656ef030a3c150ae0792b57ebf64b87859690227823

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\goback.png

Filesize
744B

MD5
84436e3e574bce9211064dfa3b32ccb8

SHA1
0ce7e1a51e15d79b100abcf0dcae61b774aa7513

SHA256
21a8b73daa3da32be4512844b94264896e4a136c2d7b4dd20e45237e5e5b0092

SHA512
a4584da3b720a6d3bcc601080a21f61ff8b289f8a5584fb748442ed5e35440e286100d93f9afd1ac2886b92c4d776435726594dfed51cf45fc477fe46b03bba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\logo.png

Filesize
3KB

MD5
a229c6abf84e644f77b4837863b0e6e0

SHA1
c7a996c7b5fce8269f903a0349adcaa574f973e6

SHA256
5be691fad91c630405b21dfe9f1ff5cbee67e6011ed544fd920f5b22d9a3876f

SHA512
fc6a686f5f4b9a5aa2999edf5ff4f35ef187eef8e76e4e5c5ba02fa695437cfcc809af09442a8410d3def9f7237c81332b0ea9f8c0bf3a1b15ce4104af2c029d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\mainImage.png

Filesize
87KB

MD5
9d500ca91f302355f1056e405eeccdc1

SHA1
2c314cee0c195ccba8a232f488cc0e20251b0db8

SHA256
a5959022c09c6085ad808ed92b7f53416eb33490991789ecf79ca18086241fa1

SHA512
35f218240487a46107b6676c4b5af266967f6677c9d99a5b3c808f8e8b3b56fec53ddb882ab4c04ec2c410b5ef5b5c9e7768adf0be73837c4a333f1efb1cc6bc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe

Filesize
995KB

MD5
cd2c5728051bcbf47b9b9af996d8b286

SHA1
a81890d85e5a09fafa443940edefcc574b824b88

SHA256
4a7099760ddde023991b1451f32aab66d640ca7357241d63275a99c7066d72be

SHA512
d02a2271a473685f47e2c9be857b58979204059180b7d5ab79c2010713b1108e8edea4221e79bf332217e5f76812d8d99a74f044951d43aeb0aed58d17e7d188

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe

Filesize
995KB

MD5
cd2c5728051bcbf47b9b9af996d8b286

SHA1
a81890d85e5a09fafa443940edefcc574b824b88

SHA256
4a7099760ddde023991b1451f32aab66d640ca7357241d63275a99c7066d72be

SHA512
d02a2271a473685f47e2c9be857b58979204059180b7d5ab79c2010713b1108e8edea4221e79bf332217e5f76812d8d99a74f044951d43aeb0aed58d17e7d188

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe

Filesize
995KB

MD5
cd2c5728051bcbf47b9b9af996d8b286

SHA1
a81890d85e5a09fafa443940edefcc574b824b88

SHA256
4a7099760ddde023991b1451f32aab66d640ca7357241d63275a99c7066d72be

SHA512
d02a2271a473685f47e2c9be857b58979204059180b7d5ab79c2010713b1108e8edea4221e79bf332217e5f76812d8d99a74f044951d43aeb0aed58d17e7d188

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\BlueStacks-Installer_2.5.43.8001.exe

Filesize
995KB

MD5
cd2c5728051bcbf47b9b9af996d8b286

SHA1
a81890d85e5a09fafa443940edefcc574b824b88

SHA256
4a7099760ddde023991b1451f32aab66d640ca7357241d63275a99c7066d72be

SHA512
d02a2271a473685f47e2c9be857b58979204059180b7d5ab79c2010713b1108e8edea4221e79bf332217e5f76812d8d99a74f044951d43aeb0aed58d17e7d188

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\HD-Logger-Native.dll

Filesize
241KB

MD5
1576c9e7d1b926624be8443e2e79a675

SHA1
e79eaeee8ac112d05ff22935b8edc0200a860e06

SHA256
c09cb356a60eda016be02e6d42e1909df2c76e5523c105ee88fd111c93029f5d

SHA512
bf5dccabce47850420b9f830d83c4b0ceea7c617e30c3a3d36a1f4293bc48aabe6df8074778c8d22d83fbcf18017d24d6428ed1111411886a730e2b83caa3b60

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe

Filesize
235KB

MD5
bc581f12e98c150aa6a073f6b0954b54

SHA1
7e106a91b964a3d84215761c42da8d02c4326dee

SHA256
b5f6b416bbd2ed7a372f69d9711530515acdac508426bb10ff2fdc75acc608ab

SHA512
7b65054e1100b9ae1eb86703a542ebb0431c40a33b467698cbc746049a6f6c5b133a086f610c02ded77b5d8a9f82608e3bff99a44746a05d621c29daa6712139

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe

Filesize
235KB

MD5
bc581f12e98c150aa6a073f6b0954b54

SHA1
7e106a91b964a3d84215761c42da8d02c4326dee

SHA256
b5f6b416bbd2ed7a372f69d9711530515acdac508426bb10ff2fdc75acc608ab

SHA512
7b65054e1100b9ae1eb86703a542ebb0431c40a33b467698cbc746049a6f6c5b133a086f610c02ded77b5d8a9f82608e3bff99a44746a05d621c29daa6712139

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe

Filesize
235KB

MD5
bc581f12e98c150aa6a073f6b0954b54

SHA1
7e106a91b964a3d84215761c42da8d02c4326dee

SHA256
b5f6b416bbd2ed7a372f69d9711530515acdac508426bb10ff2fdc75acc608ab

SHA512
7b65054e1100b9ae1eb86703a542ebb0431c40a33b467698cbc746049a6f6c5b133a086f610c02ded77b5d8a9f82608e3bff99a44746a05d621c29daa6712139

Download Submit
\Users\Admin\AppData\Local\Temp\7zS45C8.tmp\MicroInstallerNative.exe

Filesize
235KB

MD5
bc581f12e98c150aa6a073f6b0954b54

SHA1
7e106a91b964a3d84215761c42da8d02c4326dee

SHA256
b5f6b416bbd2ed7a372f69d9711530515acdac508426bb10ff2fdc75acc608ab

SHA512
7b65054e1100b9ae1eb86703a542ebb0431c40a33b467698cbc746049a6f6c5b133a086f610c02ded77b5d8a9f82608e3bff99a44746a05d621c29daa6712139

Download Submit
memory/1152-7563-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download
memory/1152-7554-0x0000000000060000-0x000000000015A000-memory.dmp

Filesize
1000KB

Download
memory/1152-7569-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download
memory/1152-7570-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download
memory/1152-7571-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download