44caliber | faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29

Analysis

max time kernel
298s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2023 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksXsetup.exe
Size

1.1MB
MD5

6df424c55004064f017e0b39a2253448
SHA1

30182c240002c1bcfedb0d3b44b0e2c57a13a2db
SHA256

faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29
SHA512

a09d3f7f9d173b176ad15e9ef94571dfac6783b6786258b300ff0ab83fcf16100c1ffbf1153648d9ff3de7b13bb967b59794f921f21285028be98411bd9e607f
SSDEEP

24576:+b69qHDABLqjL1M0HpccZoW6eq/oF5HPGys:5AtX60HpccGWRqwvGN

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1155120137612034188/cdy5wHbWmzOOyiX6nZbn5OlBuBidB8er7f1281hl7JRUP1iVFGnh9s57SwGqJtsdtgrx

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BlueStacksXsetup.exeBlueStacks.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Control Panel\International\Geo\Nation	BlueStacksXsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Control Panel\International\Geo\Nation	BlueStacks.exe

Executes dropped EXE 5 IoCs

Processes:

BlueStacks.exeYandex.exeBlueStacksInstaller.exeHD-CheckCpu.exeHD-CheckCpu.exe

pid process

1564 BlueStacks.exe
5000 Yandex.exe
3772 BlueStacksInstaller.exe
4876 HD-CheckCpu.exe
3784 HD-CheckCpu.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

46 freegeoip.app
47 freegeoip.app
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1564	BlueStacks.exe
5000	Yandex.exe
3772	BlueStacksInstaller.exe
4876	HD-CheckCpu.exe
3784	HD-CheckCpu.exe

flow	ioc
46	freegeoip.app
47	freegeoip.app

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Yandex.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Yandex.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Yandex.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

Yandex.exeBlueStacksInstaller.exe

pid	process
5000	Yandex.exe
5000	Yandex.exe
5000	Yandex.exe
5000	Yandex.exe
5000	Yandex.exe
3772	BlueStacksInstaller.exe
3772	BlueStacksInstaller.exe
3772	BlueStacksInstaller.exe
3772	BlueStacksInstaller.exe
3772	BlueStacksInstaller.exe
3772	BlueStacksInstaller.exe
3772	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Yandex.exeBlueStacksInstaller.exe

description pid process

Token: SeDebugPrivilege 5000 Yandex.exe
Token: SeDebugPrivilege 3772 BlueStacksInstaller.exe

description	pid	process
Token: SeDebugPrivilege	5000	Yandex.exe
Token: SeDebugPrivilege	3772	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

BlueStacksXsetup.exeBlueStacks.exeBlueStacksInstaller.exe

description	pid	process	target process
PID 4216 wrote to memory of 1564	4216	BlueStacksXsetup.exe	BlueStacks.exe
PID 4216 wrote to memory of 1564	4216	BlueStacksXsetup.exe	BlueStacks.exe
PID 4216 wrote to memory of 1564	4216	BlueStacksXsetup.exe	BlueStacks.exe
PID 4216 wrote to memory of 5000	4216	BlueStacksXsetup.exe	Yandex.exe
PID 4216 wrote to memory of 5000	4216	BlueStacksXsetup.exe	Yandex.exe
PID 1564 wrote to memory of 3772	1564	BlueStacks.exe	BlueStacksInstaller.exe
PID 1564 wrote to memory of 3772	1564	BlueStacks.exe	BlueStacksInstaller.exe
PID 3772 wrote to memory of 4876	3772	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 3772 wrote to memory of 4876	3772	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 3772 wrote to memory of 4876	3772	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 3772 wrote to memory of 3784	3772	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 3772 wrote to memory of 3784	3772	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 3772 wrote to memory of 3784	3772	BlueStacksInstaller.exe	HD-CheckCpu.exe

C:\Users\Admin\AppData\Local\Temp\BlueStacksXsetup.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksXsetup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4216

C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564

C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\BlueStacksInstaller.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3772

C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe" --cmd checkHypervEnabled
4⤵
- Executes dropped EXE
PID:4876

C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe" --cmd checkSSE4
4⤵
- Executes dropped EXE
PID:3784

C:\Users\Admin\AppData\Local\Temp\Yandex.exe
"C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5000

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\BlueStacksInstaller.exe

Filesize
604KB

MD5
edde1fbbd7c9815f1834c1d8aa1a2e2b

SHA1
70f79dabc7996ace79543ae97dd1d0d612d87ab6

SHA256
44d5555b29b7fc9df8bad33f20777a18135274b2c96e6b121734d126b46fd246

SHA512
2ddd1be7c0e402e6833ecbd2a53dba85c014134d3a640b2b57d81201cbb71c6d4975c1975e53b04b12fea6c69af20168bcd89adbab87d99370af5749cf6970fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\Locales\i18n.en-US.txt

Filesize
18KB

MD5
34405af4ef073eebfaa23df0ba5555c0

SHA1
2024caf7834505097673287739f881d64f79e9b1

SHA256
f0c241cbc4175898b7bd568fc69ec02323c12faeeb752e8e43355fadcd05dd5f

SHA512
e7fc8cb7380ea15f366f867679a52f21ea1c14373f1042061e6d42ef64f8db61f110b9ba61c08e6ac6811621f3b26679e7c2778008ddc39b51956034a738fa10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC16C2DD7\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_1.jpg

Filesize
89KB

MD5
d5521b02ccbe5e1716de2922e5a663f4

SHA1
e850ab791b7aa465c0d676a0bcf17e4ca60ea1bd

SHA256
427039f8968a4e518c37bddde86de314b476d55a52a0cdaa8f45e6266a8ed08b

SHA512
025d3bdaa02e93e309d187a34a3b1fdaada262b444363d5d36eba5888f0449efbbe118622cfeee09123693b783844ee094078ad243fd8c070a670126dd08c8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_2.jpg

Filesize
121KB

MD5
2f0acb01bbfd565f803eff0e12d4f74f

SHA1
521f2cde14fa7be049ba11336cd344ce335b487f

SHA256
7cc477b38d05c7002621a51d04d2c2d9f943be5115abae1d8bcbd2def49de54e

SHA512
c3c97c7a2d66bd6c5f901ba06282fbc1c7cbf8a62d9b3e5c1f63882113addcfc9dfefcf03c6abe96c52bc4c2c4e09939e35a1e8cb9615a82024e0d50d9dd5eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_3.jpg

Filesize
99KB

MD5
1d5e7e72dcb6d1141976c6519ed381ea

SHA1
b478ad52c2d116c121d4a95b150790975d6b34bc

SHA256
e5488121a3155d4d770105ab35d2d50270cc8fe0e71db4c46b4aec72580357f1

SHA512
04857e8b9735bdcd876a8cdae0857a7700403c83cb069156b0db0d23851f5a3af2e632a6ecda5291bc7c06427c905ce2b6db74ea427a8b3047812533b2105dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_4.jpg

Filesize
94KB

MD5
29c1bfef2bda9451a54554492d56a66b

SHA1
644788f16bf137546fddec47bdf6596dfb5e32fa

SHA256
3ff5f2fe5659543e141f0abb835e9e3d21adac4f36206ec6454d0d182dd64443

SHA512
cc1f640f36a2907c9ba133be6a5214c49e912bd0b0e7c54d59a7d67938c79a2a5d9d047eb9c92680fb657a22da8a3ddc9a48c5983399f8ad4406108c37755e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_5.jpg

Filesize
87KB

MD5
ffa3db7ab9e75972e5e8ba1f9f2b61de

SHA1
4229e04326e71bd1eae100377316e6b3c6206901

SHA256
423dba72b462e2595f608bc6e66bfe35869aa5b240791a30432b89b3ab0547ba

SHA512
2afed67571e384f79d3d15ce154166f27c4e5c12f36e8f1a4f497d0d2de1b64d0795692a7ab48bcb71278b3ed67dcb97520ec79932560e348c1d4a59ca8e2d90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_6.jpg

Filesize
101KB

MD5
fd5577e8af1f1c05f24ec84b503d5161

SHA1
334a43f4601802e0b3fc48e3f9ab1bc2f4185a59

SHA256
9d97256abf52aab13fdaecac6addfb999a27abce3023a70c77664e68663c6fc9

SHA512
3617d78682ebf6f814f6e6d7ee6907c924f4bde36f0def24b947b2eba2310678be28ac56af5e9948080a0277ccddaa34157768144e5778875ba697bed767c6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_7.jpg

Filesize
104KB

MD5
55324be215073dbb15e94c8badac14df

SHA1
175679549fba2d1fe5cde27462165e31464cab01

SHA256
1ab4953190aeb9e7e5c2cb7d58aa13508906d982c2a8435ba50c709cd6b597c8

SHA512
fb60240ed1d7dc2735a5f458ef2f4361521d8c1ea9e583280bb0c29d10e5a66afbf63113e5b794b559d1db7b29dd32e0d403f971bfe4740c5a68c942455acf9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_8.jpg

Filesize
93KB

MD5
3510f0529819708a1594e65e90148be6

SHA1
0d14b8237d35a17e97135ea6eef03e4851b00b6f

SHA256
3c947b7946c9e92318880bb5d31fb600b9d32476fade9ed0ee9c9c7c714f6a57

SHA512
53441e7bf99d462a62cf50c1151bb73702fe14bfa638630995aa1e119498c23cb11ff5bbef8e46310215515ed3284d6d64687a18a2427b40e212409cbad9daef

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks.exe

Filesize
899KB

MD5
a75bdb37011d54af5db5a326ffe2062f

SHA1
9c903297253cb3ec2a9c8c34ceaa422061353e24

SHA256
3e2de2b63b4ac450d6be26220f54dffaf8bcc8cd34d1fb425fa00e07779ec018

SHA512
80d0f61605fc3ece734cd2d0e5cab61a8bae07c1167e2db2df84a2cf6ea62fb45fc25926e4ce56f64e1cb2be5a4b474ebdd896adae5b9d2e1a5350c55841b0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe

Filesize
274KB

MD5
40e3881d6c0898f6a5c24940b54a69a2

SHA1
f3da392ee4fb703255eff7ee8a83f23c2bb02987

SHA256
d5c05da57fa20048e35e6ef498b3dd0bcb92eaea3997e8a7009b38b8a15c4e86

SHA512
9013a696cda9be776f0a5ee66aece8716662121e69c5be056c8567eabed8fea91641e50714962438efb57da1b1ff1d4a2c3211e65be10a9e7833e647f700eb8b

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
949B

MD5
9489f37a136a88265dbbf5839e33cd00

SHA1
cbdc46b05af46de4b30578a37c78130e2e442118

SHA256
e3d023164f93089e817fde4680cfab58cf3ddf0bf3090887c665c074ba6c0ad3

SHA512
fa4acda9020af0feeb427f4aa28f0343ca00830e1aeb59fbc344a3ff05942e7ce300d599565f9a9483192e55a9f78d4b39044fc037cff0a3e67768c07ccaac73

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
1KB

MD5
88a9b77e3400ddb54b629ddf02ddf2e8

SHA1
3a36a62fd7bf21a7b6e707d5b57e6ceb790cdcd4

SHA256
cc363640d1e8a959cc586844bf4c7d4719795151f30d5d62707e7ca34016fc6c

SHA512
fac90b31868aa3808527c2e50ceafaa49ae1886dbf7c8cdd6ed2cd20c5fd97b360b4d298fcdf2ebc5f615861a4fbc2aa34ed8eae597b15b5c49d0f29a8f86b92

Download Submit
memory/3772-172-0x0000000000B40000-0x0000000000BDA000-memory.dmp

Filesize
616KB

Download
memory/3772-314-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-173-0x00007FF912550000-0x00007FF913011000-memory.dmp

Filesize
10.8MB

Download
memory/3772-285-0x000000001C450000-0x000000001C45E000-memory.dmp

Filesize
56KB

Download
memory/3772-284-0x000000001CCA0000-0x000000001CCD8000-memory.dmp

Filesize
224KB

Download
memory/3772-283-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-300-0x0000000001460000-0x0000000001468000-memory.dmp

Filesize
32KB

Download
memory/3772-281-0x000000001CD60000-0x000000001D288000-memory.dmp

Filesize
5.2MB

Download
memory/3772-311-0x00007FF912550000-0x00007FF913011000-memory.dmp

Filesize
10.8MB

Download
memory/3772-312-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-313-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-270-0x000000001B9E0000-0x000000001BA48000-memory.dmp

Filesize
416KB

Download
memory/3772-316-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-276-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-275-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/3772-271-0x0000000001440000-0x0000000001450000-memory.dmp

Filesize
64KB

Download
memory/5000-290-0x0000017FB3DD0000-0x0000017FB3F79000-memory.dmp

Filesize
1.7MB

Download
memory/5000-291-0x00007FF912550000-0x00007FF913011000-memory.dmp

Filesize
10.8MB

Download
memory/5000-150-0x0000017FB3A30000-0x0000017FB3A40000-memory.dmp

Filesize
64KB

Download
memory/5000-142-0x00007FF912550000-0x00007FF913011000-memory.dmp

Filesize
10.8MB

Download
memory/5000-128-0x0000017F99560000-0x0000017F995AA000-memory.dmp

Filesize
296KB

Download