44caliber | faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
24-09-2023 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksXsetup.exe
Size

1.1MB
MD5

6df424c55004064f017e0b39a2253448
SHA1

30182c240002c1bcfedb0d3b44b0e2c57a13a2db
SHA256

faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29
SHA512

a09d3f7f9d173b176ad15e9ef94571dfac6783b6786258b300ff0ab83fcf16100c1ffbf1153648d9ff3de7b13bb967b59794f921f21285028be98411bd9e607f
SSDEEP

24576:+b69qHDABLqjL1M0HpccZoW6eq/oF5HPGys:5AtX60HpccGWRqwvGN

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1155120137612034188/cdy5wHbWmzOOyiX6nZbn5OlBuBidB8er7f1281hl7JRUP1iVFGnh9s57SwGqJtsdtgrx

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber

Executes dropped EXE 5 IoCs

pid	Process
2424	BlueStacks.exe
2312	Yandex.exe
2552	BlueStacksInstaller.exe
1028	HD-CheckCpu.exe
1976	HD-CheckCpu.exe

Loads dropped DLL 12 IoCs

pid	Process
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
1964	BlueStacksXsetup.exe
2424	BlueStacks.exe
2424	BlueStacks.exe
2424	BlueStacks.exe
2424	BlueStacks.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	freegeoip.app
3	freegeoip.app

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Yandex.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Yandex.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2312	Yandex.exe
2312	Yandex.exe
2312	Yandex.exe
2552	BlueStacksInstaller.exe
2312	Yandex.exe
2552	BlueStacksInstaller.exe
2552	BlueStacksInstaller.exe
2552	BlueStacksInstaller.exe
2552	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2312	Yandex.exe
Token: SeDebugPrivilege	2552	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2424	1964	BlueStacksXsetup.exe	28
PID 1964 wrote to memory of 2312	1964	BlueStacksXsetup.exe	29
PID 1964 wrote to memory of 2312	1964	BlueStacksXsetup.exe	29
PID 1964 wrote to memory of 2312	1964	BlueStacksXsetup.exe	29
PID 1964 wrote to memory of 2312	1964	BlueStacksXsetup.exe	29
PID 2424 wrote to memory of 2552	2424	BlueStacks.exe	30
PID 2424 wrote to memory of 2552	2424	BlueStacks.exe	30
PID 2424 wrote to memory of 2552	2424	BlueStacks.exe	30
PID 2424 wrote to memory of 2552	2424	BlueStacks.exe	30
PID 2552 wrote to memory of 1028	2552	BlueStacksInstaller.exe	32
PID 2552 wrote to memory of 1028	2552	BlueStacksInstaller.exe	32
PID 2552 wrote to memory of 1028	2552	BlueStacksInstaller.exe	32
PID 2552 wrote to memory of 1028	2552	BlueStacksInstaller.exe	32
PID 2552 wrote to memory of 1976	2552	BlueStacksInstaller.exe	34
PID 2552 wrote to memory of 1976	2552	BlueStacksInstaller.exe	34
PID 2552 wrote to memory of 1976	2552	BlueStacksInstaller.exe	34
PID 2552 wrote to memory of 1976	2552	BlueStacksInstaller.exe	34

C:\Users\Admin\AppData\Local\Temp\BlueStacksXsetup.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksXsetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe
  "C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe" --cmd checkHypervEnabled
      4⤵
      Executes dropped EXE
      PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe" --cmd checkSSE4
      4⤵
      Executes dropped EXE
      PID:1976
- C:\Users\Admin\AppData\Local\Temp\Yandex.exe
  "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0137a5fa0b94d7cf0431237b1549aa4c

SHA1
30b213650678b91289ec8ce63ce2190482fda112

SHA256
3e4a4d9dbe17f4e8807bc9bbff9a811ede1ad3097517ebcfb8b4b761e9146633

SHA512
175df4b1f186c2c228a8a18b03bb68adec0f51fb7dbc2f45acd6fd1b701f8fcbcd5e509406dacdb810d3a9ff76063ac56a851d6462c4d756d03a853659bfe509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0722b594c14fc4a73dba869662f9a342

SHA1
7a4e76bed258968e40810430720c6f7a7273b033

SHA256
1218b68a370e51423ac9427ab63c8fca35bd1c86890a5c555327aed8e2b6e4aa

SHA512
67d4d20fac402bba9571d0c4ca49169062aaf6fc32bf13177c29c494bf80f157038af0fd00511d69d70b359aa84936a3dbf13278666916706cde01ad20c9c1f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e770beff61afd0a9203784fabe3d5939

SHA1
da2c28ddcb2f6283cdd3cba3feb9e90d9474d9de

SHA256
f204da63ecffd72f7941790b0fa1d8ec2420084a96994c0c10623d7662a3a4ea

SHA512
40bc614754be280bb599d48b4cf99da7552d47e5fcfa31795a96fd812848be5e32aa977b5f913c14e03463c4d7c8290153fc069116fd3ce31266a3db6e243838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
888962deb8125c7cddc099336e986493

SHA1
711bf95913dfd118a54258db350ab19c379662cb

SHA256
68c8721d06072d65e5c176c4c43859a78d0baf09a02c900aa70693d82cea391a

SHA512
c7d831552e3ee467a0c5fd2e5fcac87d2daca6d0ad3d525f9a9fecb66678b7cfd81f3e366b94e0f2109c6322f93feb5a600e7033f47849ed40901fc92211c3ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2934a76b6d3837a52a4e9f567fdc8ac

SHA1
bd8d5033ec865103683a1d9ceca241aabf253dfb

SHA256
0ea2d797a5d9e69fe5e1c64ca29e451d9a2e141dc273c6adb320a8166a095f74

SHA512
a10fe776e23b8c374a08dd7de97528c7f3b373b870f22d65a69ab43c2c2f8468e6c67b35f68971970651ac2ec6755e71d686c6904970b0733e7fa8dc19c31f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d3c7d9889418069ecad42856914831c

SHA1
8a01481d6f4964ac73cad5e5884b41145f772eb5

SHA256
7ed96b2ee9a8f5551fad3deb9fb2b8c23d6f745dcdf2e61925622051123592dd

SHA512
595cd0f0a060a70c579d9c8a4201897a8519585bf799c03736dd30e907646a1678b301a169c99e17bd1e557af324935d331c4fbb3eb3b23f6d6c27f73dc21e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a0da6523d7e7e1d7290240f4d7e9c78

SHA1
c5c85a5d20a61ab373d113219bade0e14b754a13

SHA256
f32cced23e3c5601177617257c160bd2850a1b9ca0be2e3a40a8a2042984e791

SHA512
7b79ae410f366b4af4c84fbfe3fa1eb2b5438e39db4fb0519005b340e100e23b7c7fdab70d0805d9de20416b38fc6a50752502ab912036519d61d1ba2429e429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41c65eed3baed98b8214ed0483f6ce8d

SHA1
b16f6f4d9bc315fb2269064c440dd6af5457b0ff

SHA256
dc57aba71c064ccfe3dde354d4020c37996deee12db29886e28bd7d59e3d764c

SHA512
b185a7e0280a36c03885825034c68eae72fb86b3a9fbed13d01a34ca616f6d505a80738723af76ae162cc5cf9384d8d238912c16d11b1a6f9aa7f043e78f322a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19eb624d14bf3d9d0bb2f634baaba5e0

SHA1
f0a4990e3e3fcc65ffd57f1c7eca68ca76db8ca5

SHA256
786e2a52239abfa74ca5a2a08e2e7e9b22b8da4dea02fdd314a76b9bf27971df

SHA512
ee4a0f387498e81c7f376d31854961b8e9db8c544aaa94db9cdafe4f87d6ab82c926b336076769bc58f1b5b36ab9fc235a1265c7b19df5365c7201b2008796a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
437bb63a84d79402bca32ee8221609eb

SHA1
1cc2dfb208307d0a4564bc9100b40f0ba68f1d06

SHA256
19b655af143dee13e56e1680676c2e2685aaaca26741baf9f57e83271b120bd2

SHA512
3e9bdccc73ed410805a5e45efe5ecb039a9f5d066e6e4d30557239ca7600f9774d800ceb9db6dc04149f65f48819d09546ee51cb7db1aa5193233f8925d8104c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96fc1770fb72968f2bf30705bab626cb

SHA1
981163b8299771e802d71a94d0de8d7324ae7f61

SHA256
ab30712c7449d241394231842a1a2e49f19aee2712279bb2bd8f61da41080321

SHA512
41657b42985f23f3ac06de6eebdcffa2f051fed64851335720c4cb9476ce5d02db1f270aac9bf453ac67af4c291124fc3956fe30e0e6cd90ba9a5f0bfddcb757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2eedd4058b9de53c959b24c539175d6

SHA1
022f9f0594b3f918ecb403d595631cff64a5c80c

SHA256
33b371977e9e0caf59289ed3e11d0a7780d327d248ceece34d9b01481abfff0e

SHA512
7975654028b6a4965fc6a2f22de8620eb8bd1e4af427f5b12e7c0863ac2a7391bb1ef42cf88ecbd00ae59b86f8a0f5e98dabaef70bbb101dcb63574f12af58af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00ebae9851dfa10f4d37def4038ff25a

SHA1
a89235b89da206a93aa0b73513e95c9ae3113415

SHA256
071bda389d5e41b02cb2952d69b565a0a7e1a7e57031f1f245de125d3105a954

SHA512
0a61841ee04d8c239ddca60d339b3d6128979ff4b985fde4df59c1dc62f917beaa13fd3374ace5bc3ce97c8e64976788f017afb04e4b648cc092f68b4d6eb410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1f467df5e1ec830a9e1495d39c45b6c

SHA1
c221b48778eb40e82178df24c28f16802e3dae4c

SHA256
c0b4bd5989aff3f3a4892da0875fff143cb8a070b2e91c7325798855bd9c65c1

SHA512
c322545e169d97a075a21bd2fd2a989458af63323661e67190de643e8dcddf8980d67b1ec750216403901d115b39cb0674b0a4f05d114fdf59185cd2791d3750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df4c6c0e225338a0bf1fb28fd0f61339

SHA1
a9a731f030182d7a14916485a4f45a1fa13e1a80

SHA256
59542c46522a3d8d926227aa7f6ffe22a7834934095a58bab1492ed54f27b964

SHA512
582868f013bcefdd1ef50b08475d16e6621dba587ae3b3b241399a477b58ac5cd99b55ad48b8a99105a89f2280db94e4446669249ac6ec241ff4a7905f820b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc32ef0bdc59b17cd99ab6add1dfbbbc

SHA1
390eee65ca8e2fc3195c0b456c3ec91113990043

SHA256
cf36afc04353441442333a88dad95c11570e57f9516329d3a1415348072862ba

SHA512
1d05454d618a8584e6d237107912d1bb79e9f61be7b23f4bda504706991813e0d8b24742cfbcb152c4a19641fcacfa3b42923aabcee77f710cc49cf23e1177e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45c93068aa347d6d0741ccc36ae467ea

SHA1
7d2c829852aa2f9b98048b4bd9add40be50f81fa

SHA256
dd58bddd7b657bb54113d6857e81faed65eb65b64253763bbda3d77aa44c3588

SHA512
235093e8b98619ceb1966d19f7406f0c6918fd606f9d17f1120dc355b20ef37bd17b1488f9b2b9817300f79f64a137f1893befff7548ba1e80b8a551edc898af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
544d7fbbe4c57888b19b900f79a81b25

SHA1
eae82ab946f8cb798dd36e069bb8d3c3a62d2adb

SHA256
10acebf9ce242db105407b522783e68e4ee9a975514a8c1099d8de2c60957726

SHA512
f8c2eff98d09d4a8a8c00a468895f70181a3c2d1c1f31073bdf5133d73a15bc6f9c2fc2a89003e14fd56d7605ae3a38d3e91e026e8acd1f15a3f684602dc71da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ae34302266450d95c10d6b2a8cabd06

SHA1
71d5301c7f65c53b6e691e9d50030458cbb0c443

SHA256
07661e0bb032360607ffc8bb3b86f5efacd136fdbeed4a920040d5fbc7f65778

SHA512
c736fd6527be74e134c966fd5ce56b462e8fd0cd1dd9c1755c5ee3df7cfd9df3f99fad27be6bd5c0bbaa5fffb85c24be174f029c624cc4e0cf9e8d35e2d2ab69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7392d0485c0291f8bd7c4a854cf15519

SHA1
63635f18a17cc23e323b6826fe0ff18ec9866923

SHA256
f57b621a912027614c9bf16f07e21f26cf0983f57ced4fc1ecc620714e280c84

SHA512
46493e4eea31d5cc37e6ce04a366f29bd89350336fcaf733acbc5fc58baa9d16d71e6d5f9442d138d4e38fb56c0aa11e0064c5f61a3b9fd42b0785920b0d6618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a92b9f0d509d39c88a5ac9c0897eb1e6

SHA1
5b50aa0dd67b3f70d0aff59e3a8cf0bf1f814aa2

SHA256
2a0fec2c85fa2f0ae1dcf68f97204c22eaff05c582dd085814839d3187d2c8c7

SHA512
faf323bca31cb213a0beaabe0e954122ff1c5afcbb91a33a56df296a4bb2516ec0e35bbdc6bc02eb8eeb170a2cbd98717b09502562207556eae0cf552f457f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d9e3d2a1dfc83b1fda3cc08e46b9bd6

SHA1
0ca7e391cd773620716e3f6fd16045e332ef70a0

SHA256
87ee7b82abce717273856484b0f33276d0021894aea386ab60b00f2d3af75dda

SHA512
993a876cfbd4d83c9c28f256d09a39d94fd1313be50c482e9971abcd815ed0520b4f49d3db14b8071c51c1918fc5df7650fbdc446a7399ba1e69b1296707d540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca4f61160bbdb7a39fb80e3a4433ee34

SHA1
8d03f601a36b0992af6e986c82d7d9c5eaecbcd4

SHA256
bb5d089b041a97bc954aeec79820c959bd60b763c448942b2d7b87d5fa9927a2

SHA512
d221edebb37c1eda5f86e3d1019411b362157046573a55cc823f3faf2d32c47041c3919ded6c0d912d6083ad5227dfd2b69d4aea778e5a7ccb15e9e1bbabfcf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b6cde5ff5e05a3fdfd2fb37c2ce9330

SHA1
f4f8b67cd3a05fdca2b835cb5e48ad93eb80f30b

SHA256
81712f8c29c286da7c8637fcca5bc649d4b763bc00b1b9c6b1b6a9a536675728

SHA512
08261f34312bc35b21fec3df67ea57c3e4bde89dd8c4b6ca12bc1ce2aa8c7d0dd80d87118b5ce5d69aeb8f859bd4a126677a8864ef2a3470b2fe56aa23140688

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a213e490e5f97d039d13a44fec03f46

SHA1
1c73801a38f3eac0e384dda05425a4d4c94e2a92

SHA256
ed6fe4cf5421e764ee495c878fa66449d72466afac0165a43a8b6a5b55deb15e

SHA512
7dcb8d2f0eeec6365910167086bc98ab013ea688740e248d17bca139e30279e32ab8b8acbde652a243e23c2ecbaf61ea04aefc9c791bb8fe60c5400fcb38f7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\Locales\i18n.en-US.txt

Filesize
18KB

MD5
34405af4ef073eebfaa23df0ba5555c0

SHA1
2024caf7834505097673287739f881d64f79e9b1

SHA256
f0c241cbc4175898b7bd568fc69ec02323c12faeeb752e8e43355fadcd05dd5f

SHA512
e7fc8cb7380ea15f366f867679a52f21ea1c14373f1042061e6d42ef64f8db61f110b9ba61c08e6ac6811621f3b26679e7c2778008ddc39b51956034a738fa10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS879CB466\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab536F.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar53A1.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
416B

MD5
b79f35cac310d680bfa9dec4f66c2f87

SHA1
a41b600372ee6627eb7fc937f4b8b0b83a631833

SHA256
b1a2a9986cd030ec4aebca71d45f471f7f9604d8f6ffd9fc75e1e1ed806b89b2

SHA512
b2d7367c90ba90187196c28293e9008998f38576e1a44eb2ca5d0172553ae9e43949360966b89f8bbfe613246b20868aa3d05e9fc2b9788ef4b1bcf3566e2ef8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS879CB466\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
memory/2312-511-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2312-151-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2312-153-0x000000001B0F0000-0x000000001B170000-memory.dmp

Filesize
512KB

Download
memory/2312-136-0x0000000000150000-0x000000000019A000-memory.dmp

Filesize
296KB

Download
memory/2552-288-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download
memory/2552-152-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2552-972-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2552-150-0x0000000000080000-0x000000000011A000-memory.dmp

Filesize
616KB

Download
memory/2552-289-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download
memory/2552-454-0x000000001AF30000-0x000000001AF31000-memory.dmp

Filesize
4KB

Download
memory/2552-1135-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2552-1190-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2552-1228-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download
memory/2552-1218-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download
memory/2552-260-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2552-173-0x00000000006D0000-0x0000000000738000-memory.dmp

Filesize
416KB

Download