831d7190c4b86d6b8993de26780c212ab692e0f37886a324331c69ed4748b2f5

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe
Size

899KB
MD5

9193390ffd1ee47e585750079c2d61b4
SHA1

49887df7b513c4cdeec369a38b0917af0024c5b9
SHA256

831d7190c4b86d6b8993de26780c212ab692e0f37886a324331c69ed4748b2f5
SHA512

499c5a78e139ebfae40c9860325fa2dfc0dc5f8040e91d95a46b2d1497e653923b975482a051eb6d36952164a004fff8dcc9b1d75b037d8da3070c1114d83cdd
SSDEEP

24576:LivtCXWeGKhFGXFmUbAq/gGpBPbvNKPAz:utCXWPEc1mIAq/ggTVhz

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1308	BlueStacksInstaller.exe
1624	HD-CheckCpu.exe
2396	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe
1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe
1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe
1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1308	BlueStacksInstaller.exe
1308	BlueStacksInstaller.exe
1308	BlueStacksInstaller.exe
1308	BlueStacksInstaller.exe
1308	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1308	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1308	1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 1984 wrote to memory of 1308	1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 1984 wrote to memory of 1308	1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 1984 wrote to memory of 1308	1984	BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 1308 wrote to memory of 1624	1308	BlueStacksInstaller.exe	29
PID 1308 wrote to memory of 1624	1308	BlueStacksInstaller.exe	29
PID 1308 wrote to memory of 1624	1308	BlueStacksInstaller.exe	29
PID 1308 wrote to memory of 1624	1308	BlueStacksInstaller.exe	29
PID 1308 wrote to memory of 2396	1308	BlueStacksInstaller.exe	31
PID 1308 wrote to memory of 2396	1308	BlueStacksInstaller.exe	31
PID 1308 wrote to memory of 2396	1308	BlueStacksInstaller.exe	31
PID 1308 wrote to memory of 2396	1308	BlueStacksInstaller.exe	31

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.13.220.1001_native_2bfcec35496fac01d35f2efd2b58195a_MzsxNSwwOzUsMTsxNSw0OzE1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca3e8bf722f52b5f25fde2e3b7a7607d

SHA1
6ba6249244b0c0130cc799e0d484df2809fc3752

SHA256
437730bab84053053c69b11d7e9d6cae318e46038a861b7bc45f7e9ad6bc9699

SHA512
139baffa73b1cac939582de89b677c065f20dd4b6e8f77eff3e1bec58b39ac16676032a87582bb3ea79d2f79de2205b8ddb84184b2c99cf18128fe4e081d2915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fabd41a2f8587f46ddf6b67180d53cd2

SHA1
b6f4db022cb340c2dae8a4c18dcf510c023bbee2

SHA256
2f54455b93942c3709d5ebe9668c609dc17ba4f233f9423f6372a80f6c3c33cc

SHA512
5fd0c99f2375df9421cb90baa719ad8e5fb9e3e13a6b10da6f4ef1acd55abd373e8d6c32c4dea2cbde99e557192a4e19452d64d510411f8faba030d33cff3a63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8830d1639f1721a5cb1ea8743a1758ce

SHA1
3b49da96710113319b222c366bd82f41ec4d099e

SHA256
72166cd9adcb08b4f44ee61b305e99752dc941cc2c3cddede826f52966ce824d

SHA512
4dbe6d263d58e40ae51bb7c6c2da5064e6783211fe093b6be69269001160bcef04557fa686da8aa3d61ad46a0eb2c47093ec050c784119062ec0d9588f775a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e5cb8060bdb709b1e0c9f96947be277

SHA1
6c174d90bb633bdecc415ab3dc1c8c57ae23fd85

SHA256
079119c7d63cabfef0335bb761a6bed3b9fd481de36bc7f3b540e969a5bd6cf9

SHA512
8d15c958b89a98738b8919f54b9a828fc78934a2289f8e8996c02913d86e557d9ca8201a74554c2c53194a71f2cca8403ce847f9e001536044443ee13c71541b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb4be97a385f40d3eed0f997c95c1809

SHA1
3f1193295df9459189b4a46b9cded70cf5f0ec51

SHA256
1dd7053de43bf36545843a72f5330d9f969c8cbf766bf0a611c836956c8cded9

SHA512
cec66a17a1f415fa63b2dc9b8da247551a730cdf489ff03fd38aeb41d7b1e0ba1a09c5dd97d21c1b1b0d236d2b666073b6fc5f43b23e3c935f8833dc67f743d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
feccba27b605a725e5814332621657be

SHA1
d1ca56976b0b9b9b7131b029ffe89dce99519ee2

SHA256
62b82bb4c3f5b3b6f4ac162823c9800e3af3bb0b1a95c9abdae6743dfbf9ad79

SHA512
24cf2db6cdef8b5df25c8fb3614323ef22af89c2db9ad4959085b3ff5ec6fc4e556e79aba0ee9555d95836b1d13e41d4b98b5a3547f769b4907e9241227fd6e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c42555b5ed367e5aa93cbbd60f7065c

SHA1
1f6c89028e38e6a96cdffa49848ed8aa506b0fb2

SHA256
5f7a82fc52d4ea5df407c7922ecd8f8d5f6fead11347f66363ad9a176bda7ee6

SHA512
52e947d01e55f18631ab61f74d9a7fbd290456844580804b018776eeb496d295115e9a3def42342aa5082385762fefaed0b8559e8a899c968083f355b0a48f79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50d81f172a0da256776a7fb6da6283da

SHA1
e43126d3e81b5dd2d6318ccafaf06c722d5357a8

SHA256
dbdca1765fc84e5daee625e8da6a4034d8a683b1c49ccdc7be807d73cc576f25

SHA512
b45cbb070e625df507d3834fd95926a601fca4ba29939581ab8854d2e92eab89d1b2305c2d8bffc81206f2378fee18550ba34e56e70e227fcfffb20838ea90ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a0a3c969a5d6572d0b691a7593ee793

SHA1
74f98e377a6904dbff61b3d0b40f3ca8b4da8d50

SHA256
ba47fb77ba2d877e9da36168d03bcd56fcd4bda75e18fd110e5ddab359a22ff6

SHA512
8257a4e8c77d3c0f1417d1c6546c301bf7ad3b35721ef3b830f879e807da66f55dd0e151334745711b73f5d1e04802ff3f89ade4df97b810d2a66baa3af49f2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6465e86b7da845c912f775b524a68898

SHA1
4bc9130b3d7f741e1350c544d619f160c39d6ab2

SHA256
833228bce849b02467ef7ff9ae0333e0ec7b9bce9e50ac44d5aef63a282d043a

SHA512
1f6c31c068bb6d4dc4c6476be29f3d8afe2d384685a4b19b12d1426d8a221846be3fc96a8d1de65b06f5eec20664f1aa4c37c27c0b8463986d976a0b20eea051

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fea29501c3ebcb5ee47abba2998343e

SHA1
1a57a03d5ab57ded5df9bbb9523185d8c8e74a53

SHA256
bdc1da55a99488b67204b98d0360837fbeb22dec2d2282e339a1da233659e34a

SHA512
e4a77d135382ec8c888a00ebdfa2e7315323b9eb4b9021277cf65effac8497ff340b59298d2c4c45d1707099d0af6d3e256623acbceeaefd2353616841733e5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7911627dfd4525e7158c28ef08e8383b

SHA1
5171ee5815dafe1e20ef371328c80ad4980e7108

SHA256
0f1a9bfd31d0c5dce9a28329ef07cb92adf908704d9770d2fd45417b538280f6

SHA512
d8a95cbffc6222d0065bad0f400b6a890817a80d17ef47d58a43fd9250600590d66ddfcba2cd5592f39d16381b0b251b51a400a434708d69e6d488d9e4902803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0adc4e27005c3dff6cd243855e8d9145

SHA1
9219f0bb472c736d804cb5d4efe19084cf7c4fea

SHA256
1253e7aadd7b007dd667a819d8c6839379a7b0a9f9bf1ecaff714a2f39fdd31d

SHA512
50398cd767a5e60f7222c72e8d93c08bc813748ed8859e99afd81e76918cae582c02c139452c00ba61bc0150d95cd8b41032498375c661fd7171a9f1f3e441d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
452cf48aa20c396616e80dcd72343649

SHA1
39cf25bd7817014a63fd2e5f8e14326855f71cc9

SHA256
af5cba719ced75da1ea34c58241b18b9f204d95d3e818e42a74103a857669e40

SHA512
bc81a5e98665eb633d0104118ec7c7d1d3a6eb2277a24d1a765d674b358b70033ab6fb7d43c2ee73e378b7aa47c6ec7b169de48200f084838bda6b79efa7ae71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8ee2575febde78831d745f211066ce4

SHA1
c67c2ddac98fc79f8494e38190ce1c9f965b7d5d

SHA256
ef6d6a5976f19158d4ab0b3ea29eb5d84ac92db00cc829e3a4c39e1e4e27aabe

SHA512
1231c02bcceb900d8b86f5d07d9fb56e9aedc8ebfece58eb11d48375da98f4a70cba9c50b28c6f4ff0ee7b16b4ff22b8fae74ed993188a189d79b748e3758686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d01d57a5626da3efb7f439dcc370bd7

SHA1
860d52381e2f8ba745a8d7b952d9b8de6d79b527

SHA256
b47a5a474c7cfd0b0ea45c03d28b8db19985207dbbb67ee442badf68e0e62c52

SHA512
fa0583a13b710d3b14bcbf81ca24ccf5ef7cbad7f919c017e832b0992f4f954b61bcd42358700d47353371ad52a26f2f2e640319d7b2086d205dcaf945565f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f4fe0f9af359ad265e76006c8569ba5

SHA1
b8b36020eaae26e324682df2ebed949e6c82d799

SHA256
e8ad9ef7182136f8f7fd4b44e3d73b8c9d2dd5581f38955a7f88b706db4f505b

SHA512
16ce6261de9744e19888cc1db3c109bae9aa0cf4d0269feeaa582dc95679828d5aa96c100b632a5b04d9b8ef77f18c62fd23f393cc58e498921de3470a341b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\Locales\i18n.en-US.txt

Filesize
18KB

MD5
34405af4ef073eebfaa23df0ba5555c0

SHA1
2024caf7834505097673287739f881d64f79e9b1

SHA256
f0c241cbc4175898b7bd568fc69ec02323c12faeeb752e8e43355fadcd05dd5f

SHA512
e7fc8cb7380ea15f366f867679a52f21ea1c14373f1042061e6d42ef64f8db61f110b9ba61c08e6ac6811621f3b26679e7c2778008ddc39b51956034a738fa10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C75FD46\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab734E.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73BE.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0C75FD46\BlueStacksInstaller.exe

Filesize
604KB

MD5
e0c9e5ab58dd36824eb0a1ba23149a2b

SHA1
51dbf4922abf513a6e9d6745440b456c23b53a9f

SHA256
0eaff52f5875027fe49faf6e6475420fff55d0d50342415d735b2ae5dbc708da

SHA512
73cadf7261cee9570e5d0423a37d9f2b95e5382b03b5819b2f1d3b5b6d16621879495ac744d5b72b4b233abdc1d3f494174524a153292b1079d19fa6a8c8ea4b

Download Submit
memory/1308-122-0x0000000000800000-0x0000000000868000-memory.dmp

Filesize
416KB

Download
memory/1308-178-0x0000000000420000-0x00000000004A0000-memory.dmp

Filesize
512KB

Download
memory/1308-197-0x0000000000870000-0x000000000087A000-memory.dmp

Filesize
40KB

Download
memory/1308-120-0x0000000000420000-0x00000000004A0000-memory.dmp

Filesize
512KB

Download
memory/1308-482-0x000000001AAA0000-0x000000001AAA1000-memory.dmp

Filesize
4KB

Download
memory/1308-119-0x000007FEF5B30000-0x000007FEF651C000-memory.dmp

Filesize
9.9MB

Download
memory/1308-998-0x000007FEF5B30000-0x000007FEF651C000-memory.dmp

Filesize
9.9MB

Download
memory/1308-1053-0x0000000000420000-0x00000000004A0000-memory.dmp

Filesize
512KB

Download
memory/1308-1108-0x0000000000420000-0x00000000004A0000-memory.dmp

Filesize
512KB

Download
memory/1308-1163-0x0000000000870000-0x000000000087A000-memory.dmp

Filesize
40KB

Download
memory/1308-118-0x0000000000360000-0x00000000003FA000-memory.dmp

Filesize
616KB

Download
memory/1308-200-0x0000000000870000-0x000000000087A000-memory.dmp

Filesize
40KB

Download
memory/1308-1164-0x0000000000870000-0x000000000087A000-memory.dmp

Filesize
40KB

Download