328cc1ada1bc88ecf8ffa10525069123ac5b027121326fc51aaf6798f09636c5

Resubmissions

10-07-2023 07:24

230710-h8s42shb68 8

10-07-2023 07:18

230710-h5fdsahb56 8

10-07-2023 07:14

230710-h2x5eshb49 8

Analysis

max time kernel
31s
max time network
143s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
10-07-2023 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe
Size

897KB
MD5

f7e5464eb87a09f9831e5154512004b6
SHA1

04a35bfd2bd2dd96da428df3de78d5d22fe30271
SHA256

328cc1ada1bc88ecf8ffa10525069123ac5b027121326fc51aaf6798f09636c5
SHA512

500795616e448b34b3d608d4dd897a35891eda5f85d3ce189d7a58245a903ef177a81ee01e7a35052504fb5d3bc8a7935ecf20a6e2f453f72f1567b3b0e158d5
SSDEEP

12288:GivtCXQd0gjKX7zuqGKhFGPDy1xBVG2xsvNdeuCad2YteFph8iMeKMD7pY4JqG76:GivtCXWeGKhFGCG2xs6eQGGpTlNbJq6i

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2036	BlueStacksInstaller.exe
2872	HD-CheckCpu.exe
2420	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe
3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe
3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe
3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2036	BlueStacksInstaller.exe
2036	BlueStacksInstaller.exe
2036	BlueStacksInstaller.exe
2036	BlueStacksInstaller.exe
2036	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2036	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2036	3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe	27
PID 3012 wrote to memory of 2036	3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe	27
PID 3012 wrote to memory of 2036	3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe	27
PID 3012 wrote to memory of 2036	3012	BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe	27
PID 2036 wrote to memory of 2872	2036	BlueStacksInstaller.exe	28
PID 2036 wrote to memory of 2872	2036	BlueStacksInstaller.exe	28
PID 2036 wrote to memory of 2872	2036	BlueStacksInstaller.exe	28
PID 2036 wrote to memory of 2872	2036	BlueStacksInstaller.exe	28
PID 2036 wrote to memory of 2420	2036	BlueStacksInstaller.exe	30
PID 2036 wrote to memory of 2420	2036	BlueStacksInstaller.exe	30
PID 2036 wrote to memory of 2420	2036	BlueStacksInstaller.exe	30
PID 2036 wrote to memory of 2420	2036	BlueStacksInstaller.exe	30

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.12.105.1006_native_e873a0c9e8bece18687d4057ffbcafc9_MDs1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:2420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d82cd7af6d2cb2c90203f65a21453fa

SHA1
cd1fb8961c4f84685e55910c5bdff82ea7e6946d

SHA256
edce9a4dd9fc2624b2e9f81e9a0ddc385a42c66138f44cccd28170cf9c335441

SHA512
510fa3c1fe324c3e0a92c90a33fecb47e3eb5d39398a5d6b173200f8959594da376ded552fd99efc2713ca5968ff29f9c2c7aedad8b54666a2ee6c92bc1d2bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
414238b695457b25b44a6840809ab027

SHA1
484f23364c07e4347c52079a816a2ffe78a02b82

SHA256
6f81d93458e5276311c37c6ba108c1b76fa62f086108fe4a75ed70b8821e7728

SHA512
3401d660b11c6597165accf30f51c16e637f5dfa46a1a47c0a50158826b0f59338a4e0a0de6f0c8a369d89ff78a4e6c2209c4ff4fa7836f4861182ae8e033742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a0f1885290e89c1880c1cd89e4ecd56

SHA1
4efb321865f100621ee2dbbb4c854386e3c535c7

SHA256
889ba3a01149c13209be265b0ba6229d6751441cdc905539ed851ef7e48926b8

SHA512
4549a1dee4b2b3430d62bbf43261fa066611160a9b6e5d2279369bb1ac266d797c0f5be35b7beed7dce4b7f902770d180fc46af501b214d03698217a37d672de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df45e56baf731924fc56d78ce02cb272

SHA1
d9763973765e1074a53674e0341b9c95459dcd63

SHA256
c742bbaca4565de226f979378273cc6ffc571bed30d80de9ad55abd6907f22ee

SHA512
e655b042ec9a17b8b30432b77b3679d1fd3d7b593f3d30d3d04e24b23b1303ce64d6269831e56722a2f2d97efb8d8d99894a0394baf7f11983b7ea01fc08fdb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef59eee5110c5bcd8394700ea1c2abf4

SHA1
aaef63261461df84d66ba691e56bd586ce16bf39

SHA256
1e13ac41827994beff9854b4e4214efe061dd756e4bb1912a83e994247f0c6f7

SHA512
231b63862f07c38b91f96e74612beb618189bfa9c568895238d8f97bf61f0d9011a69039b7017d893c0f16da8e542094c56daa1a34fe9c0676e61a50f5357428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c25b068ef40610da0bd1acbf9b42e96

SHA1
a20f975e1dbc4b3a8953f2597e2967f1cd8eef34

SHA256
35d280477f820c5055b01b83446e4c941f5a5f41e9853321489191cb394b2c2f

SHA512
05ef82c6771711028c53a7386beccc64de42bdaa74e060442a850f77ceb46c3f71592589abea9076ed259d55ec888489de5ce0abe710fd559b25748cff9f9095

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a39d4da9a4e852d2186df7c980a8c403

SHA1
947d18ea93169a1f336ae9196db71f6068992f58

SHA256
ad7fed758d761ac4e1b75a296229709522aca34cb43e216ccf6708dedb002c3a

SHA512
f4c297ecd296742f86a321e3881b7fc3ec80f3efacca3884577cad7e301f4d4068ba4b959f38935d67f30bf0ca296315b528cf6d9302193df308d622619bb7d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce9d40d366284ca46800ebe3b1d9214c

SHA1
3a9c21b45b419fc655de46f5b3dd9a3922f1903a

SHA256
a9b0f74b55ce49f9b298e0930c9d90abcb002f59cb5f1a5bc9f588e01d416352

SHA512
290f78b64007d9a0b9433ab718c707178b6daef34d8c5c9b9053a0af3808c4227d0ca0025ae47941a051c608db3cb46ec3128885a16e73b0cb60d437ef45578e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b76ffba635ab5c7e6c75e7bba9d5cf3

SHA1
ef88c9a973ca22b0312806909d842fb864abad9e

SHA256
21f4580fc09e0b6bf96ff7b86d15f3baaa9c460852b920ea86802cb3b74f3eeb

SHA512
95b5b65a87aef320155930903b5762edaf906ff88d14d0dba6b37043f02b0847b8b4c0db0e87b70203266818cc3b5b0a584973aaf018152c642f2b0e785269ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e23650a82101997ecacd31a1f9c82adf

SHA1
c9156617dfb740a068b0c1fb30e4a7a7bb190538

SHA256
510ac48e1a6ea4cfd7e1822084b9a3fd4dc61e7f8c7c29701f26426b777e0014

SHA512
ddd774f0b95fc57f1c02e3ddfa50813c7199e2cc216c1556cdbd97489d6e4bc60518ca5a147a062a0b44372e4cf88197fd7a0674571b9f92f55e003a0ae9bad0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aece66325e36a91ddb4b961433c8b0dc

SHA1
2c1723f8c66762b519ae9c3d8dda7d52c89b7d89

SHA256
096a20754659356c726d0b92f40419bbed71555f13d635a5548d0ca5ac3c0754

SHA512
6ec8dda5c4c8c5dc6ddf0abc715cc521e172119f0b2054f621c21a7314338fa9b42b270bcabed51707d8d32b3fa50119e6801b8f2a66cab58cf60a5912890833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e963b31a273877ed29478fc0b2cba1d

SHA1
a331d40024acb45ac6b93b7854ab27124635c234

SHA256
837590dd6b50f513239d0af3bc54af869a282ef8d7a8b0aafbb716fe7ed4572a

SHA512
911088d2b27e482d8ba68b8fa2c27d5f94350716b05a0fcde150f3db8755ae561d6abf42896e1dfa543fa6daff35759d144f304490b851afef80b4b165405e75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1672f3e87a2e4a81f401491788e8c383

SHA1
74cfd110b60f95a0cb16fe21ef97a9f673627c1a

SHA256
af92d92ccfaea36ec891afc0b093e5810cd46c138afe170aa3d0459c0e772763

SHA512
2922ca9ba9dcc046fb0904e4fe051a8d6116aa9c695ee524832cdc4d37efcca6322e532a3bfbf0d0c53c4b318c5b549dc04ff0ef285760033a5d720f171f87cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c9493a9796a4ebbd2f44e6362606bb4

SHA1
4cd370833d9fdc26eeab7c38838859d25b3c874b

SHA256
2924a64d88d68bfc3d8b2a4d1b6257b5fae4e09a846e9ac285b677a5c6eca27a

SHA512
0ff80acd49f12c9a103500f9e7ddd442f86fc8f1dd9e8ea9c7538314ac6c1e5e973888b63e38a36ba2ceb34b8f066be278451fbe9b57182153225687289a5d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24a03201e31ba7bd16e0361575890808

SHA1
d79eadce7b0061903ea3057b2be0c2d83f53bc7c

SHA256
aa1fd2c45d886d6b6be2798647b1c430221533ac1cbab94a95aeed1c36875479

SHA512
773ad716341d958786ce3cdd80560e36d6a5668f703124364f1f15706e9f0da09a423676c28d4ce9dc124fc2ddde3751dbf4bf9903314508cc4d621b916bac8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9a45d05acfb56ec87630def02422894

SHA1
cc0646a307938de396be899d04aa83d5a7edd5dd

SHA256
dfaccf1db2e78a1a139ccc0de5971ca6f3ab1e3f051695a2ff0232c4b9d88e52

SHA512
d6dc42233abdd43fa7f5bbf43996bda72891fa58fc7d8243e62021e207ad0327d2605ffd549eef147bc7a16b4158abc9df0b590db4dee71d6f2cf017ba73ee71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bdb50c170ce4442fbfb40d57ae69b77

SHA1
54d360abd7fbe0e733be05295c2ae34726d6f8d1

SHA256
564c294a821d4a7597a9347af682cf7abcea3612f45261d8fdd1e15b6e26c10b

SHA512
02452f5b5f99137d6874397a7004f4b9d4f94be14ec980cfeb2e61b399a03c3265d189e790214760d1df683031dd8e42a4d18021e4a4e01d5966fe2df4647e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d46ebf68d187845dd8c5a93aea495d2

SHA1
0f155dcefc2edb73d89e256a93633ff2992c2676

SHA256
d80bd7980ddfa4f50b6865460e594ab0a40ff81f58955d6c7e58f893bc47d001

SHA512
170d423bff75191481d69e7d4d0f3634a767ccf8e6fe74092846b03ee66432c31d053c202aaeafb5b8b8ff210da1e3afda661d0d92a81e3e06c7d999ed356804

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\Locales\i18n.en-US.txt

Filesize
18KB

MD5
2e67781c074a702af42f2c2259a9e94d

SHA1
c40ec186835abd9e8cd1976b0005e57e17c672f2

SHA256
858f09be7e462198c0e77b2b84de544158789f53eff200be78eab70a6acadd1a

SHA512
4adbf7cb6f1621ed1d3904beaad55eb5229475c9007c7ba41720d9dcc9b3f63c849b9a5cd9aaf86c5a063693b80c1b39fdf41eb2b026f35cd15a5d92d5ce843a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC31.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBCEF.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4CB13FBD\BlueStacksInstaller.exe

Filesize
604KB

MD5
8fb32dffe84b6282e1e67296c4380510

SHA1
7dc43dbb76df9c681b4c9e331c0f1377505104bf

SHA256
c4fa55342169789e601314813369c8ad49c802d32d0ab9c7e343bdc4e13d8a63

SHA512
d1437fe1e459b7f84f40628b5d5c902ab9b7a86f517935f225a114dcc106ff9ebba82f5ef78fc249422a73a38ed7aefbacaefca31a613accd8c2a97c4754ca96

Download Submit
memory/2036-174-0x0000000000470000-0x00000000004D8000-memory.dmp

Filesize
416KB

Download
memory/2036-778-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2036-378-0x0000000000430000-0x000000000043A000-memory.dmp

Filesize
40KB

Download
memory/2036-370-0x000000001A970000-0x000000001A9F0000-memory.dmp

Filesize
512KB

Download
memory/2036-1113-0x000000001A970000-0x000000001A9F0000-memory.dmp

Filesize
512KB

Download
memory/2036-172-0x00000000009A0000-0x0000000000A3A000-memory.dmp

Filesize
616KB

Download
memory/2036-175-0x000000001A970000-0x000000001A9F0000-memory.dmp

Filesize
512KB

Download
memory/2036-1215-0x000000001A970000-0x000000001A9F0000-memory.dmp

Filesize
512KB

Download
memory/2036-1216-0x0000000000430000-0x000000000043A000-memory.dmp

Filesize
40KB

Download