7db3b0a7f0e41518b4bf10df437a873f78592a6c9013142c97bf4a0c0e84b0ab

Analysis

max time kernel
52s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 23:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe
Size

900KB
MD5

dad453501214475057b5e4963eade103
SHA1

887a480f6cae6b3fc216fc8b26be844483613b72
SHA256

7db3b0a7f0e41518b4bf10df437a873f78592a6c9013142c97bf4a0c0e84b0ab
SHA512

9f50e2d5d66abba4d407c3cef1eeb2d8b412cc8607c8c35e9e07c762ec074c8469a7fa1dde3906afd88e723b1722a29d0d99c2ba0d1ca6fbe53a67e6c95ab449
SSDEEP

24576:yivtCXWeGKiFGMO0UtscdyY14dMM+gTM2Ozm0:3tCXWPnc8Iyo4dMa0

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1492	BlueStacksInstaller.exe
2300	chrome.exe
2736	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe
2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe
2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe
2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	BlueStacksInstaller.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1492	BlueStacksInstaller.exe
2032	chrome.exe
2032	chrome.exe
1492	BlueStacksInstaller.exe
1492	BlueStacksInstaller.exe
1492	BlueStacksInstaller.exe
1492	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1492	BlueStacksInstaller.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 1492	2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 2664 wrote to memory of 1492	2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 2664 wrote to memory of 1492	2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 2664 wrote to memory of 1492	2664	BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe	28
PID 2032 wrote to memory of 2044	2032	chrome.exe	30
PID 2032 wrote to memory of 2044	2032	chrome.exe	30
PID 2032 wrote to memory of 2044	2032	chrome.exe	30
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2816	2032	chrome.exe	32
PID 2032 wrote to memory of 2256	2032	chrome.exe	33
PID 2032 wrote to memory of 2256	2032	chrome.exe	33
PID 2032 wrote to memory of 2256	2032	chrome.exe	33
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34
PID 2032 wrote to memory of 1552	2032	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.14.10.1008_native_596bd36a922f0b056d615bdb2e64d6cd_MzsxNSwwOzUsMTsxNSw0OzE1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1492
- - C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    PID:2300
- - C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1ab9758,0x7fef1ab9768,0x7fef1ab9778
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1552 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1696 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3724 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3980 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2416 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3636 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4072 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4340 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4168 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4300 --field-trial-handle=1348,i,1103075013752114606,1234428561897871821,131072 /prefetch:8
  2⤵
  PID:3004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c9d7dab6b756abba67dac0b49e493d9

SHA1
c7a77fcd2c7deff4b65b8fc6855051357682707b

SHA256
d78c5b5adcaecdb9a135b1cb1930d1b6f6812ac027aa0fa0064c539039d23557

SHA512
3cc1a30743188d5926cc53aff0ad303f8ba1e07e3c24550328a56ffc8108fc155f0a4e8509ea70cf9fedd0711f0547b1996334ae35d5d44e02199429fb53f586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30b1c6d9c578f84f13f44815887c76b9

SHA1
1e65a9aad5d71db40817f5fec73e4a37943d71b3

SHA256
e892a5a37df5a8c006164c0124a9f16f121404224b2d11ed4afd5cb7c64400aa

SHA512
9c9225226ebf8d7b33b1bcbfaddfd951a699dd758b19f1af546c86f1a3b834ad0446e20f6edd787fe203eadbf9547b8e76109eeb80825db7f440eb46213f937a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2704a70d2f3341b8912e637470a2065e

SHA1
c6868c43be28ba730bd8f8a7c3788e572a6b7cba

SHA256
530f07aabab673a33083378a38f0e18524f9e90a1af71494e7aaf80b607de64c

SHA512
dfd7815390a9dd49b2295a3b863832915872c24bb5b6b52e95bd68e7a4e143f65223f78750d3cff003e43fd61423184e595b94a9cbc165f4dc35e9c8230f9459

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1702c50a56f68d0e2439451340c8a15e

SHA1
4c8f343f8bd0b96b3f94d69368bea5401d366f1b

SHA256
15260420a869a39b5389e0bf18e5c7f1cdaa0db6d9063ce5f6a75e577a0b6688

SHA512
8883d9e30faec89a28de2f9b00dcaff241c4f2324a24fd20b3fbdfb7d13a93afc48ba8ecc78b519cc2fe0898f55fc3926b8907d19d3f39e79c725903d07d1f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c0f8e92366447bb825267bb45bf8c8f

SHA1
e9275840b132f72efdc86385108aa2cb9be3f728

SHA256
8b7d2b469f8de62f7583777b16f01507e039f7219d2a4f846ce1caa9b0b6ea3d

SHA512
696e8f786f735d864170dde7751ea293b38d1d517131414c7e06627543afff9b1a5f689d41a73a5e7c00a3ed9bc6ee937a6be40cdb1c733f67c0253a25c52553

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9ffdb6613ac7309fdd03160e06507c2

SHA1
3575e826a735cc97d680e34e66ab9246d7c054a8

SHA256
49b5aa69fc1206bbc3af2c4ffc053f2805ba0e29b24c6e4b7d0daff7c4b8d286

SHA512
152efc998c435e42f0801e19511e4b8e6b61044866f5720af1923af5f053c7c9aaf9e9fee8f2abbc5dd20566670b663ddc62aa142a082eeafe700a9303f71c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
723dbef9229d0ff17f8929b1ebdfafc4

SHA1
04f6d8769bab75758c22a4b81bbbf6a7bb7a8395

SHA256
039f48784ae7e5fac59600fbacf7ac29367583c1d68c46414a4719cbcd2fdd45

SHA512
e036e034971788eb00f27157f0475472d7ea4ac5364bbf860f4f58596fc4ed60ad37ffd9699d7592d25ef6ef047ee3662db1bd3feee3d854c23276c5318284db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dae645830790d8cd7d42b449f97d7350

SHA1
7b88cc89c1385efffe125962046c0351f2368f89

SHA256
15d6a19a13de0a75deef89eabbc94a6f0ae23536281c615866520bf79bae6656

SHA512
340e895e0963825c24cbc383f196e760d0b3face30f71e6cfa70584e400c922d90fd74a7f6909e705a862ee3a57a4d688d33598cc425421a9e6ea024accf1ec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
948f7d77f6afe033ea18683b891bc20c

SHA1
29dc1de130c73493d2d10b0036e61e078e17d0c8

SHA256
14cc1a88b4ca5502ce2fe6a9d66ec07526494d29f7fe45a17a29e0928d2c94e4

SHA512
5abf29e64ae6678fdf83e638e2be3e5534e7f066fd5b0d271048e20ca7dde7deef11ac08379229b93c722160d7c71d61ae2ff5aea6d9e05a72c3d270d046d78a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15080cc5549b08b89d4766de1f0352b9

SHA1
808eb553a4de09bd0c25f447a11c1f1c10ef8057

SHA256
9cd7f1e7406c036cccc39b3c03cec8a990265e459fdd70ba7df61c7121b39420

SHA512
28c1b9d4f4e52eaa42a6988b86ff087f00706354c5b983cc91adb635f33b4eadb95e90020568fa707ba3e017bea100577ae620b5726e32c73bcb1eb361e9b3d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8dce4a4a9bdc4b12a26aede18589542

SHA1
8b1a3aeb1a0b2ae86db183543fb6a5b7aad9b378

SHA256
2e836a547504b2790be66af99186e123ec37fa31debc069f336db6d1914d7276

SHA512
4f246a4dd2d59757e0bd2cf4f4d59440f3442de4e0095f2539145c85ede85ac0b273c57db3f5be320f70b5c3bd014fc82b645c0f1e799bb492bf38b72c138f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae4215de056fed4ce44d47f5d05ee464

SHA1
a033b0434367d6ed4485e5a526b4cce7779173da

SHA256
a9c91535c9b80b6b5d4a752a949eab976ca65bf23a97a77ea9cdec7a23e15b5f

SHA512
37f1584472eb41fef5c6384c47b297877c6c1f5b83a8899af485fc2f05b16d82c571e926f644100d7bd792b30750ebeabff6de47c7b496668e4136e0c2a88ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa3e218159b26b09b60014a844aa587b

SHA1
54e15bfb7914bf2d98cf86800ec79aaa0f7dd405

SHA256
6241b644b788ae6b3856a65904833010a9e6333dff475c840bbfb3570f6de6a4

SHA512
40c409a36662b10656eab5732a647fb9d8c45f4c09567a87eaa765d3af38700c72fa45cd6e3cfe3e7db981afce9de78c340c1e8707105ab3e20190e8b1364bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aa371465f3faeffc6bcd35efa410d9e

SHA1
48a633f7a19520fcd6f6c13ddb283cedd0f2c2d6

SHA256
cf033b02b87708c1627ea6dc58118c51a85a3a158d797b80ed8604445f3e69a9

SHA512
60c6a9b8d6c968c652427ccfdd42562a3dd368f0374636702877dd92e9422fc03e96b84472353ec9d487b3f2cf47f3401806d014859645bf16d08dd74be0aee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5047f256f3c2835cb38353d3ee798461

SHA1
8650bea265b08b39e02a3efe3b15ba7f31da90ec

SHA256
79bfdbbf75506128a7f1e19c9c81516d017132f3ab44705a1d31fb1ed9bc7ea3

SHA512
8344cac24d6ba30ce635a439d98eb64b8574e3eb8eeacb0abf561b0331419b8521cf74d5dfd0dce251b540dd3a444fcca4ae193d5a4e94aa8df7ac4ae935cce1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51093c0fe5d91bc398cfcb8545b93b6d

SHA1
46fe0f00a6540aab53a99a67f876709237aafce7

SHA256
002e1d73b03f0d8f3f0e065a43fdc25da34df62bf8704b9d5fc8bb93f6e18f82

SHA512
265e8be994ed42805c1516ba58b15a74631b94ec56304a3531f85a0b7165e5f5fdc8fbbd5cfaf052c9bdedf70644874dc3d911965d2e4f3529424ca336dbd927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bae4f5b42e80ac308952b8c51a31b1a

SHA1
16372565e6b43d38d7c3d3e80642c3a175ed2f73

SHA256
26764501937bb227f5d8f35c15bd8cb8f555ff12db379c96bfacc2d8e08db441

SHA512
ec9e3ebbb7f78aad1275327f5be156c775cce82a6c5e368140667a07a49962cdde6c63146c027b6f58d3bfd3ea8d19f30b025d21ea585d78c55c4baaaadb7abb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
566cbd4bcf8f65d53ec5ebc961d62cc6

SHA1
d28c77132d465dc387b7d8b96c34fe5a0f3f5f22

SHA256
c9012225e8bd98bd76ece320ee9d22e91c4954416f1dc663d53be7ab85d989ea

SHA512
5d7002107dc574496ebc38b80b4ca1356603c90c0d1bc27edd6e7f102a52df80c126ba59ea23c67a22069a160831568acca5e5fa832b4da9171598edd85d4639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f328bcbf596670402e86d58fc20bd211

SHA1
380ad8e451d1ec76cd8b4a10486b79cd906870cb

SHA256
d6e52d1cba9cce415fc0d260ea6d7596163f90ba21563b0ece30e9feb92f30be

SHA512
8773bf8f6f8f7634bc01334d258288310b8e5a561f83cdb79131db18a2aca7aabcb133cef6e3c20025c7174302a84dbc89eae4656ba4c9e21a77fa9dfc6c341b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe419d73c9715c991f7e86fd1cb93816

SHA1
b256e61915fc898c37360527e1e38f804b9ddae0

SHA256
27b68ea3b900ebf9ec31801a8e1531a27b26803b8376cef6b6433ac579bd80de

SHA512
d03144b05d6b9b5fc60896ff686b649c2d5718e4569dcf1039cee06ac2245bb5f8486abe58e715a647ab20e3ebe25910f7a51834f6837cb3bf3123c03f6bcb6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f50474a85309f9e17c9b982fde74526

SHA1
5d6ac2ed0b79d62234b79446777047e8d060bab4

SHA256
c8be385ba3b1ad4058871d53519f024b6cb375a8fd95a6499b9ad9fa4d5081f2

SHA512
f1efa3f9e9d93185d5575047450191c524bd20bb116d97e2fee5ce33fe8d5fa9fe100bd7835b8685f8502ceeb1d784f2552ecdbf25074412d28f789b44919ad0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
214519191fbf744c62246f0896019130

SHA1
d1ed139ea8b22360da868a36f55245d6ebd50ee8

SHA256
6627f8f47ded6418b604449001f8a7c17348beccf92df1d4e1ec583b115a0e8d

SHA512
a61cc0f4405adb30c5b4e2e7f85c30fbf85fa8c356d592ecbeaeb38f45714572419fd7e7ca9e3b55b585ad5adf5eecd763a5a6447884c3a2153d73a644fa95db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a33e41a8666baeca3ae558f9c99d1824

SHA1
211423abb916f5dca7b98fc1c3992995de01538e

SHA256
c782ff6f91e77bb5aca6cc48a65b578cac8a114214b3c9bf0f19c9a499ec073f

SHA512
9cdab291821e4fdd3b5897f506911a09acc5d7a050e2470e8898209d80442e7d31064b3e4599bace9e2c178ddea575d3e70003d362a10bb51fc34a4640299d79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19c75d5328ef2669de9254b035cf7c04

SHA1
63e89fad21ffb2240db5f3986a4f43d3270fba0c

SHA256
585bdb3272ab547e68c54d5bec72b7abad39e7023fb2968c338bd5bbc2e18b76

SHA512
0064949c23417d1a8e04bb030be25492a59f730fc56cc89037fd5d60aa99b16e6128435ba000dc132d9b2b179bf511aec76e3377b48d7f84bbed353f075681e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c63f91ddc26c99a0de4f5f0f919b501

SHA1
43fe3875a40d09322590728a536767a43e8607c5

SHA256
55195f0af2c67e9ca74366e82270df10862f8497a674ee3632a6419cac6c6e09

SHA512
d2f50db5dab3b6558f5fd83a1e08e1b59fa796fe5d33dd6ef879c3954a29fee5e1a732a7aedc4810654f840e0abaf31d23f74cd38a2376422bfacc6f3d1a9139

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59c2a1d001a68d621c35ffe7df9b7fe3

SHA1
39a320e9d1116372515701f81c903c059cba792f

SHA256
1816cd8529e82d14fa98ad4aa447b78a0d2d7b28a71aa7c8d87e34ea3dcb33fc

SHA512
aa7295fa6e5fed27b6d143f87067950514ab115b85a21c264e2f886d229bfcac266b896a4a0af46e26c29e43802440c3d0de47b533ef179b799c59f536abb512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bca4fa35c189cf822c4373e3583b1d3b

SHA1
e84a2ddb95d3393ce2039800728e3be246a2cdad

SHA256
3b2b51f2e69f673603b196b9c585a01cad41aa44ff716bfb5d369f669c86d946

SHA512
052d5216a6357cb4ead1502cd619c33d3f280773b74c650291579386eae46d2dbc8ef8997bfbdc802c5d6c0603e2c6003e367beff82b1fd525df12e4da2e14f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06a480eaeb808a6d3b299d05ea5ba2ca

SHA1
9077474510d2242af05adff9c7cfa6b22399d76e

SHA256
610e690719623d1186b30ab08e08914ea0ea953941c37daf02b7039b3d7b9235

SHA512
fb61c395a87580d1e95fac94b999913ddc2d1fcfef0c81b7cca62b1a228f020588ec783dee4c24a52c33cb65acf0731b9e8f61a5d9f29a9fa0e59e4c492fe488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c08c43694673caed2d696184c9f8866

SHA1
6d6d03d1837e64af5786eb02ebfadde3b46f5b3e

SHA256
b95d5a405e287d93392bca015b45a8537387823fa768d5b326bbbbe8bb4638c7

SHA512
72560c9763326f489fbf6387189042f32b59897fa9d7def4c1b89695ab74c58a98bc05cda17d10bd1ea16dbb4e84796c042915716c39c76f42ece4e54064853c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae0529c62ed33107b2e0c4e54e2e3c0f

SHA1
f75964ba39c54637c47fae358e290fa98c25654a

SHA256
ed394ecbc1b7538ec53e5d85a28ae7eb5c2bca91548f20a23c0650acce6d3f41

SHA512
0e2de4bd67a23922eb13be0fcad87f23149602aa288ade3a2db3888df9e663bf5b192f96e6f3faab333706b532ad8fe7b6a85ccd4a6d0635a95dbba1e8450fdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
770b82c1f21dfc6995b591f2cbe2adea

SHA1
dc0f6e39cc19202a6a93507e6bfef783dae44b2f

SHA256
4241f1195b2a63f212aeaa7d32ea2cd5a29dbc6f581eb98cafe30e8d3bc86393

SHA512
faa3b9995827753f38b5ff3edb8f04ab0cbb594626d1b8210a72a4b4a9098076d6fba28d0d4ff5f344177822e97eea0b6e4834467a3b2a0c1c3fa79f0a15aafa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4799ad26bb78299175ced4ccc1f5ed2f

SHA1
75ef8040ab11779714e525c9ac5319059e643385

SHA256
fa84b493ca3ce559a1706b0e273bc5fcecb674b04f5decc9c5f8c8d0f7d75709

SHA512
ae09b42790cc870de68c885455c1be7e85c801c89bd275d6b4f578a6e4f051718ca8ab969f8ffd4cab856f6fe905796f745640e5f092c0c13812b22f56871856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\258b1b9f-ab16-4c05-ba1a-9e15ea7e3a7e.tmp

Filesize
5KB

MD5
bed54abe7ac8cc12d946c143538fe943

SHA1
3cae3fdae09e624ff304d668bbd1c292456f4c61

SHA256
e9428c9d6382026a5c6437f0a349917831db9434d10d1935286f84b3bc05b610

SHA512
9e71361e3ca04fe4faf71941c6e6feac9b9dd1c67d63989da8975bc8e9844713ed90fa417294c270622451da0ab1b2006d887f560fdc3e56e42f9388ed9de66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf771c86.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33b930f617e06bd4c71abb4ee920d9d4

SHA1
13a0ca0229280d406d2aa912aeb837dabcd7eab0

SHA256
bef0b614ef97995743634903ddd51384447d1e02ce40133d2c4bfa84bb08ba47

SHA512
81578f68e621a23985059c654763aa47476764813bf4167862b846222c7d164ded3174d446112d699b356e649d29eea19a26c09000b094e353d9897d18e754ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46d1f2eea1fb8e0909a123aa0178b22c

SHA1
4928cb5d526e87541ec7c5ee1201a78633e70342

SHA256
3c9199a3f9ae0744678d55903a0e99d045644ba152b1ff901a257c1a1b904910

SHA512
f83c373c46494f035888f97a33f56b044e8aa7df22bd4f0f2efbda647743e4c31ce838fcd05af0809d1c404e4e92551033a96e9f03a9d1cb375f2233e168174d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d76c776f43da6e0b9c3332079c13bda3

SHA1
d5a45239465f1595f7a989506b3c5cb56524417b

SHA256
46912ac4614d5e6e77244112257c01e7c76406d57f42267d5438b5adb0872589

SHA512
1f262c11873827057b4fa44020955b91cf8db185a5841b3c08e653904a4ee2590d89bdc67a09e89150a0d295efcaf41eb4a3a39946dfcdaf7df570e2a147aa8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d132ffedf7be1a9a857d8146a672db30

SHA1
e51129e35da4503f81d64cab03541e40b76a58f7

SHA256
7beb611c0ab53ce11e62a0d24f00d4265ec8d035ea5000cce930a7805613d625

SHA512
f2ea8a435513ce7442a4a8d200f4dda9be663ddbf855a6cdbcb178e13c628a0a32e0fffea96d4de0de38f3a6db2368674562c00167a2452b47d3cc167210f2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ceab70d1f83ce335cf60cd608f6850b9

SHA1
3b25181127fa209ecad9cb7d0caab718bcf95456

SHA256
45560b4c2f76ba3a9d3cd1611993baa3fd793a92df8ad90c201b3683bbf02de6

SHA512
d9da37e856ef4df48df2911dc30ef09d2a43f7d69273cdfb4f2597f60f41485cdefc2d7a5d311a85fc74b7ababcec81d8d92eea209d85486728c3543d86dcaef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
d59af252cccc81d5a3989738645b3615

SHA1
938c17c40b55c4386c72279c2637e72eef9c347f

SHA256
9d6babe7970854ab6a6179df030eb51d1a51130f6fd96cd3cc571168144667d3

SHA512
08612ff80531253c0a92dfa526e0002b3f4424b9f7c8ed45e84ba8b89f76a846cd83abae93bc29a717e0f4f52467e2783a2234ccb9fddbc33b0362b50d7f5b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
20429298ae5814172a1c52a3ec05da07

SHA1
6edc4ef41dec4ca6c1ecc2ce19e7aba516edf72c

SHA256
7156a75d0e7bc70184f1c757efd4ac3100cb494504c2e01ea0be0cd435cf0a22

SHA512
d3dcbe84f7555f94fccd3465dd26850a2c9ada74a067ba8a7d71f66e2c58fb9f62a0f9c7f06b2911dde9831cc3522e51d1d54d4880a793d4605849b4bac5094f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ccea830584b310a69ad46e7454590e74

SHA1
b7c18d5722a9f6929b089944866005e98cec1362

SHA256
43e983e71a278689a21ab0b641961a38eca029261cb6dd1b55d14c0fcede93dd

SHA512
5b8ab24e9e827ba4e555705b9682ed595a9618c2e58e1f907f2ffba5712c18340e9262d8f3d98dfca9a6fb6fb0f71dd2b4d290fece9c6866010048e4c16ed427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
fdab095afeb503858b15ee5e1ca9e6b4

SHA1
e6577e8bd26c0bc46f51850590756e7d39f78e18

SHA256
701115afad5f8ec32655cf9373d3dd98f0caef55bd42e8bfc725d33a034b529f

SHA512
556f854bbb1d71235e6b9f26d38b08cbb693d5c95eb58f0079ebe7c0f97f387b9a5cb73809bb29fb8ab31def8649735886cf25ec228cbd93205d6890b9d2884f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\Locales\i18n.en-US.txt

Filesize
18KB

MD5
bc0bfbf0fa8b40c2f72957c2f57afb8f

SHA1
644765340a713413e159ff57f0098501ca8304f4

SHA256
819b673bc98a9aefa9e480b3df2a5f9558033fce38c2a2f5be08d10b9a859e28

SHA512
6e7e88ac28190011c1e1e2a78517e3bb858e35ac90f125882c64bfa26d5a6f7ee6718c558b9446f3aeead0a8fc53c825fca66ad2f6d82819ede19b88ff658e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86A3E846\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8BFC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C5D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
\Users\Admin\AppData\Local\Temp\7zS86A3E846\BlueStacksInstaller.exe

Filesize
607KB

MD5
1c2f4d75ff0aac16b18168aca11157f0

SHA1
405061f0838a1b9a22e8231f91f50a4c06c4e345

SHA256
c8df5ba6940be227bf1d5fc86d23e81745b6c09f60e28427e16e9a527f833a14

SHA512
8e6b39a11864fb741b5151f558af0de859adc78bc0bcc5707a0efe79befbd57eaf2584535c61a7826ac34a371abcafc5351535ed54ce46ad20c3e74381e12ed1

Download Submit
memory/1492-1235-0x0000000000510000-0x0000000000590000-memory.dmp

Filesize
512KB

Download
memory/1492-124-0x0000000000450000-0x00000000004B8000-memory.dmp

Filesize
416KB

Download
memory/1492-2084-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1492-1559-0x0000000000C40000-0x0000000000C4A000-memory.dmp

Filesize
40KB

Download
memory/1492-118-0x00000000010A0000-0x000000000113A000-memory.dmp

Filesize
616KB

Download
memory/1492-335-0x0000000000510000-0x0000000000590000-memory.dmp

Filesize
512KB

Download
memory/1492-254-0x0000000000510000-0x0000000000590000-memory.dmp

Filesize
512KB

Download
memory/1492-119-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1492-303-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1492-122-0x0000000000510000-0x0000000000590000-memory.dmp

Filesize
512KB

Download
memory/1492-304-0x0000000000C40000-0x0000000000C4A000-memory.dmp

Filesize
40KB

Download
memory/1492-305-0x0000000000C40000-0x0000000000C4A000-memory.dmp

Filesize
40KB

Download
memory/1492-337-0x000000001A970000-0x000000001A971000-memory.dmp

Filesize
4KB

Download