6fb5b5f3c98740730b1586998e139edb2663dd412840e1abf56e6efdfb7a9ec9

Analysis

max time kernel
95s
max time network
95s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 08:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe
Size

910KB
MD5

a79a5198e121abce4acf2ae9b6d11999
SHA1

0cbf9d8b85d17112cf5555862d13d2ed1ab75718
SHA256

6fb5b5f3c98740730b1586998e139edb2663dd412840e1abf56e6efdfb7a9ec9
SHA512

3fb62bec31d66bcfd08adfe140f5dc60e741a02cf4d159b1142894495533f73f0d2d66de3df31cf477d3c5e7e886731a864563c10189148a42969ceb9f8c1f49
SSDEEP

12288:BivtCXQd0gjKX7zuqGKhD779TxgE98I17YpNgc8gJ68Va02CGTdeeflae1PcuBYW:BivtCXWeGK59Txt9OkcR8fQeaSz2BYaQ

Score

6^/10

discovery evasion

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 4 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
8164	netsh.exe
7684	netsh.exe
7460	netsh.exe
7436	netsh.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BlueStacks X\config.json	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\pre_enable.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\resources\qtwebengine_resources_100p.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\te.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\Qt5Svg.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\family\Rubik-Medium.ttf	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\edit.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\Card_Elliptical_gradient.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sl.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qt_fa.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\css	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\lt.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\minimize_normal.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\web3.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_gd.qm	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\index.html	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-private-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\swiftshader\libEGL.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\xplugins\CommandLinePlugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\Choose_img5.png	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\localization\index.js	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libyuy2_i420_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_output\libcaca_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\BSX.7z	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\offline.html	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libaccess_mms_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libaudiobargraph_a_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libkaraoke_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libhqdn3d_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liboldmovie_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\green.vbs	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\close_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\services_discovery	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\boot_bg.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\pre_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Tutorial\PremiumGames\Icon_tip2.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libgrain_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpostproc_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_output\libdrawable_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\position\qtposition_serialnmea.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\language\ja.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ja.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qt_ar.qm	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\codec\libvorbis_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\ucrtbase.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\sk.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\sv.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_CloseTips_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\settings\Jump.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\MyGame_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\nl.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libbluescreen_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\ru.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_no_downloading.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\el.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\da.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\dialog\min_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Search\SearchResult_CS.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-core-xstate-l2-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_asf_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libgaussianblur_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_CloseTips.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ro.pak	BSX-Setup-5.14.22.1003_nxt.exe

Executes dropped EXE 7 IoCs

pid	Process
2900	BlueStacksInstaller.exe
2052	HD-CheckCpu.exe
928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe
2436	BlueStacksInstaller.exe
784	HD-CheckCpu.exe
1620	HD-CheckCpu.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe
2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe
2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe
2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe
928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe
928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe
928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe
928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\""	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0"	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.14.22.1003_nxt.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	BlueStacksInstaller.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2900	BlueStacksInstaller.exe
2900	BlueStacksInstaller.exe
2900	BlueStacksInstaller.exe
2900	BlueStacksInstaller.exe
2900	BlueStacksInstaller.exe
2436	BlueStacksInstaller.exe
2436	BlueStacksInstaller.exe
2436	BlueStacksInstaller.exe
2436	BlueStacksInstaller.exe
2436	BlueStacksInstaller.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe
1656	BSX-Setup-5.14.22.1003_nxt.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2900	BlueStacksInstaller.exe
Token: SeDebugPrivilege	2436	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	1656	BSX-Setup-5.14.22.1003_nxt.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2900	2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2204 wrote to memory of 2900	2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2204 wrote to memory of 2900	2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2204 wrote to memory of 2900	2204	BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2900 wrote to memory of 2052	2900	BlueStacksInstaller.exe	31
PID 2900 wrote to memory of 2052	2900	BlueStacksInstaller.exe	31
PID 2900 wrote to memory of 2052	2900	BlueStacksInstaller.exe	31
PID 2900 wrote to memory of 2052	2900	BlueStacksInstaller.exe	31
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 2900 wrote to memory of 928	2900	BlueStacksInstaller.exe	34
PID 928 wrote to memory of 2436	928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe	35
PID 928 wrote to memory of 2436	928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe	35
PID 928 wrote to memory of 2436	928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe	35
PID 928 wrote to memory of 2436	928	BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe	35
PID 2436 wrote to memory of 784	2436	BlueStacksInstaller.exe	36
PID 2436 wrote to memory of 784	2436	BlueStacksInstaller.exe	36
PID 2436 wrote to memory of 784	2436	BlueStacksInstaller.exe	36
PID 2436 wrote to memory of 784	2436	BlueStacksInstaller.exe	36
PID 2436 wrote to memory of 1620	2436	BlueStacksInstaller.exe	38
PID 2436 wrote to memory of 1620	2436	BlueStacksInstaller.exe	38
PID 2436 wrote to memory of 1620	2436	BlueStacksInstaller.exe	38
PID 2436 wrote to memory of 1620	2436	BlueStacksInstaller.exe	38
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 2436 wrote to memory of 1656	2436	BlueStacksInstaller.exe	45
PID 1656 wrote to memory of 8372	1656	BSX-Setup-5.14.22.1003_nxt.exe	46
PID 1656 wrote to memory of 8372	1656	BSX-Setup-5.14.22.1003_nxt.exe	46
PID 1656 wrote to memory of 8372	1656	BSX-Setup-5.14.22.1003_nxt.exe	46
PID 1656 wrote to memory of 8372	1656	BSX-Setup-5.14.22.1003_nxt.exe	46
PID 8372 wrote to memory of 8120	8372	WScript.exe	48
PID 8372 wrote to memory of 8120	8372	WScript.exe	48
PID 8372 wrote to memory of 8120	8372	WScript.exe	48
PID 8372 wrote to memory of 8120	8372	WScript.exe	48
PID 8120 wrote to memory of 8164	8120	cmd.exe	50
PID 8120 wrote to memory of 8164	8120	cmd.exe	50
PID 8120 wrote to memory of 8164	8120	cmd.exe	50
PID 8120 wrote to memory of 8164	8120	cmd.exe	50
PID 8120 wrote to memory of 7684	8120	cmd.exe	51
PID 8120 wrote to memory of 7684	8120	cmd.exe	51
PID 8120 wrote to memory of 7684	8120	cmd.exe	51
PID 8120 wrote to memory of 7684	8120	cmd.exe	51
PID 8120 wrote to memory of 7460	8120	cmd.exe	52
PID 8120 wrote to memory of 7460	8120	cmd.exe	52
PID 8120 wrote to memory of 7460	8120	cmd.exe	52
PID 8120 wrote to memory of 7460	8120	cmd.exe	52
PID 8120 wrote to memory of 7436	8120	cmd.exe	53
PID 8120 wrote to memory of 7436	8120	cmd.exe	53
PID 8120 wrote to memory of 7436	8120	cmd.exe	53
PID 8120 wrote to memory of 7436	8120	cmd.exe	53

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.150.1024_native_b5d758d6571811d18e53bdfe55b20f8e_MDs1LDM7MTUsMTsxNSw0OzE1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:2052
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:928
  - - C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\BlueStacksInstaller.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\HD-CheckCpu.exe" --cmd checkSSE4
        5⤵
        Executes dropped EXE
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe" -s
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1656
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:8372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:8120
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        8⤵
        Modifies Windows Firewall
        
        PID:8164
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        8⤵
        Modifies Windows Firewall
        
        PID:7684
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        8⤵
        Modifies Windows Firewall
        
        PID:7460
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        8⤵
        Modifies Windows Firewall
        
        PID:7436

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2168

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3020

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2620

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:7140

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:6924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
475KB

MD5
62e4a0fff6c786b95c6ef4808e3e64b8

SHA1
da5be7cf6a5858c8afdffd716c966b561cb17942

SHA256
217a85a670f12953bd4039ab0b89180b46e32b3ebe820877cf587e6bfcef0bbd

SHA512
19e72fbba7ae7aaafbef30658d3e66ccb6200a56dd6ffaeee1d476ddc1d8ea71ea01da2804e98605e819367b53681747f6129d1be332248c49134b909d1ae2ed

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8cdaabdbec782049c4480c307bf7c490

SHA1
f34dbc931e1b64ef7878bbeae5cd3ca062831b24

SHA256
0d89be51982588e4c8afe7200f1f24921e86319e8931deb5e862eb850c9c77b3

SHA512
1cd39d5762d4418b7e41bedfae628f42c4915d98032b25d5b822a6278b154475239dc820658087123497c2007b0eb2b78ae5c8cfdde367fd75f1e97d9bd9928f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe38194e7611eb896c1ca77909b51f65

SHA1
0950cd5159b84cd629862e643c38e322149ba9e8

SHA256
d95b2f06397e5483c177da2ba7677643cddfe059600e7cbfaab6dc71a66566fe

SHA512
949f0c5b3de5363f540e33789ced39bc28ee3620219fcbdd4cfefa85afe66b8d7bc0279e25997d18370678423aa8ca9435d8984190b1954af093c6b9cec9e864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbc95d14ca00e2d39ce2d54b003650ac

SHA1
3846454c8d44c76f4e9fc5a5a55cf8c5d89f8777

SHA256
be432c425178fe565e23c3660a82789ca2ae4493ae512a30f90d17d70204f422

SHA512
eef7c2ac56f2dd3ca7c8a868420604d02b6fa8ff451a07ccb9f94f33a25bdb22ead743525c0b80bc92582787e2943e743e3842bd51989a17b99d904866124bb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff3ae7d0bfbdde32e5c4224b839aa0d9

SHA1
1e599090551d695cad6b2ccbb019767e253220a7

SHA256
64be19eab7cbcd52c3251b8b1e3a6fe0ff0ea845acacd74459d3284f94e40eee

SHA512
e62cf316e59d7bed18e5b42ac2418780e6ea064c2900107a58d3d88e0fe18f2d3472e33448df3243cfedb965b0c4e94e2a24f8df3e4bbfe6e604c9b1d042042d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f053c0b3d0c4dde9664b12480429522f

SHA1
49b35b4cf6ccdd112a2a8e242fd6144e69f4b5e0

SHA256
bfc28c9c5e0eea679386a8c785300d1544a18585ad1daf81979e050d50c1f1b3

SHA512
5b30f627879f0077926b66f08061ebbb3621aeb73a417df36f94c7b3a227023b758bc880721cbe37e1d16684c4371a55eea543c218cd4350aef84e91edc4913c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68e526712294f0c8d4bdd33f6a271c33

SHA1
922f73358d614f81fff91eae105135fd01ca2064

SHA256
5f85f90beedb73ba756a11e7f951d63681c1d222f36cf3a077f6de3298aa2312

SHA512
404a45c12c410d02892a26ac6ea5382c9edc5649b059abd20677912c1b21530706f073d4de1cab5eb347f07565ca6f17183a52407d75c0b46630006129832ece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81bfe36597ad1fa50bb3cf2ef2db76ff

SHA1
dae571307e2711552a393c3c1946bcdee67072e0

SHA256
81350dfd56fbab136522c21798f9f3b109590753955eaf335471ddce47af126e

SHA512
4be91be0e9319f15b0248608b660795caff5ab3f1b4969180e084db4b6df9b4bd25141a434a7e055e1cfe228e37b46fbafe42ce1a3b84ba857ffd994825dafcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9d95394badc5ea6b5b9b3ab46e02205

SHA1
4e1c4af9c516d2d42e1f294cb96858d922e66bd1

SHA256
f9d8cb75699c9ce56c2315ddf40f0d2dccb93626bfd148b6cb854a9a342baf6d

SHA512
f498b821a1065dbf4da823509ba871789a4b6d731667f45759e04c6e37fd0b79a14ed0f0166ce6fb61a7d5227cb1c2c7870f39d8cc12f6d093501bc17283da40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22f3ed7599fca7d4dfada5f4f69f5aad

SHA1
121ed71e2201181f3102cd599987ad018bb8d4fc

SHA256
8658fea642eda84c0b77b7d31934a3ec34a48bc1c39a1504b83eeef62dfa4ba7

SHA512
1361c70349b9248df848e887d4d5227678a563c42c7f8dc7b7f62a87d4448eb3b96327f5b7c78d6e072787fefd0d12b9eca3933cd98bc3b19c75b8cc1b696bdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a13a21b5013000e34bf694b8c2acbba1

SHA1
6e58a449c708778f588dfe986b2ac21e2dc5d3be

SHA256
9d43b983c510304af954d98bcf338d9edad787e421369487184dea140b25f0f4

SHA512
bdd060a9e6837afc064db581a925adff2ece6642f7c8603ea081367b97726e70e872350e3b1de1ec9b319df69ba50947dbfd4885713d67c9244f35c23e10066a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7034ba568ac8ff3d6057c7cc67d29be

SHA1
bb2263964c11351f69175de5d76afd0ffc23a20a

SHA256
b1617ac937bb10b1eb753239f769f733282a7916299ed8b4db1d2d5f1129c8da

SHA512
3cd6bb5d64c783ae66e706b76e4d184d94240c4e50b18e65b775be184bd955c263b67f23f10d49a6a56a33bb819575efc244e2f815f10a392b3843bc5f976a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82a59661546f18f3c92b63f5081e4c39

SHA1
005b6870e362cde17b50dc2dc22094b4aa0399ec

SHA256
defc0309a4e044042f0865999652c3d9d02711ded34612639c90653e030af398

SHA512
b2854ad37a6e13f97abaf00aed4cdb48313abb94b7b2d3c75cecb5a4a0e4c954ae017c29d367635c3366bf3699590d800da60427661727b7131035ffc8da191d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fc00fd3fa1a4e003316e162154baf05

SHA1
23c2bc44c4be94dee5a8416c247c2be77ef9e154

SHA256
f76cf2e96bb6e3ee6fc04eb1675f5c5c2650905bd1530faf013b6c802853d4e6

SHA512
946de8689de20321b39655fad294d4e4ac2e6601842c63bdb261588120c8470f5538b6d744e711132d217c19b1cd9620ff7a4a05a0ba013ac9d17bca5132fe5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
070636ecaf52908ba21fac3bc5bca3d9

SHA1
102f712eb590026d659bc42b5a70e137bcc56f1d

SHA256
d86085da3b4beb6619b20b215e2fe352fc964411f5a3abf7b448e23ee6a06036

SHA512
63b5b837b195aebb22158de5e6d2755a6c8ede48afad9c8b0201750cf3cd97db1e8aabe1eff9ddac4327b944b5bd12f4eef8f47a6984b8b3e4fa2826548fecb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35ca02f48d0a44bb5535f15b15374b3a

SHA1
e6a77813934fb4528485816f5f0ff294a4a78fd0

SHA256
f19fa77db2ef6f040b153ac9c97f8709d20c44d9d07e042dfc77a4a9f2d980d7

SHA512
d3f6e5fef1169f598b62cf7c6de01b046373a35686ecacfb16ea1a9c8c868633660aeeab006378e91717e4abd02cd5fbc2fce9af614ec8a9b42c1ed0e51148df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba1e5772042b91a888c6b8e9c09b8ab6

SHA1
ab93bdc07ab317d546f06973464d70d7350716a7

SHA256
f5e208a45fdfd728d84a5f4cbd406d9ea8d99ec88163d1f1c63eb3e94538ee63

SHA512
3b919953e0d0e94c73505198e1e9a131c06317a3615ac031b4dc8ef86e7be51315debb109e47c9a1555e699ebc42401cca87fa01ac92b47572a34a126be7891b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cbd35841853657790f72f0be37c29eb

SHA1
4d59e8aebd14ce9f2cad5ecf5510462d978bba54

SHA256
dac11e98eee0cddd04b3e835df4495e2dea5a08a25aff371241b2e104811605e

SHA512
f803a4d2e03f72271e8ec7cc8c5ee65f4a3c85eb3b288ffe60d805418e21c48f32059ae5c1b14149467eb85b54d5966402f17c80001835a1f37eba3cccc218b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dbd30466f2b537cea06a07b7cc85e34

SHA1
f51421428b7af075b9637c08d98b63067f9ab85f

SHA256
8b03c3d3941bee9ce2ca3856533fedab1b4436b387e7166b6d2a4d4430d9a00f

SHA512
43f66355abc256b756c10fed50aee5b45902b258fedd533817462bac4d3757e8cb76df230bb713ceca934a9ddbac45a7b3c363a3c3b4c8d4fe7bfe3ff367259f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
639c4229add775f4e5328a14e30db941

SHA1
25df89a48b16feefdcb97969f91c2a3717d2fe7f

SHA256
a94d713b131873257c626a7944a910c849b76178675b2d58785c26893547a80e

SHA512
3201691f9aeaeed9644e97709887d731263cf314706e29218c083e2c753f0581d64cecfa4188326eb0cb0d2e5ddb9a6761fdc62f5eb07c5c5e989ec3218c3b7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd0f78d478e5e62572c4a60d5c8f0fd8

SHA1
ee9a1471daf3cad16db115e4356fb304f56ad903

SHA256
e01c6b400c96db1a00d8ad8c11b19a31f045858452405b530e842c700a5bc358

SHA512
f41c666495df311e8b3e62f441f484bcc1f191b4834d7e9ba206ad9ae408fd93a5095f539d34916f0306e53fa4e44d82cdc4720e908ddb14db50945e43da5d30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe43c1efc8d7f3ae218cf258150479fb

SHA1
e83026424f6db6bb69daf60fd6948fc1d5a8a2c0

SHA256
e8054aebb1365172ec1c19a6301207c7e1db4435ceb61f041ecefcd487f005d5

SHA512
5d3c07b8500a6d17b4d37bf879c0aa1ef818b6fa68e56e2b01aaf0cf8c1c3c53e58f6c6d5d7cf44a36e2f617cfea0d058b8df486673b24336645ed5ccbab1eb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fe279ebb4c09f249b029cc808a41402

SHA1
d41994334ab27c24318652cbac796adbba310f92

SHA256
6f620e3ddf445b51ace6ddd8cd3b968a8a8f2c5a1cb6fdac670732a8d80889e4

SHA512
14484b481e2be1f50f6191536fb88c185c42c477e437de4d548f3cf97b3efb9b16cf5f0a473f9f3322cdb11e1110d839a07edc1ac764654540d7461f9f30d02f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8e1ec22f09ee0f5cda7453f4db5975

SHA1
ca9a88b1509cdc4d22234ecc74140a470e787ecf

SHA256
04805bfab29a1161e1be40ab7a4e2832f8a8600b80cc98ca8bdc2c0b7c9213d3

SHA512
261b74d8fbd3112b00598f94adbeae2aacf19237042260cf72f00eba5d67d37b59ff5636dd69ef9ffde944afc1db700bb1b6f5c4c70b51769c5630dc73beefaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47eb5f408d8e43963e1a87f90de189a9

SHA1
7bf5c11610d010e11674582ba2de2bfeb28db63b

SHA256
1d1e40a54a6aeab1a93fee23f77f5a25e56bdf5b35efbfcf7f08132c7e3a151e

SHA512
5da701afa95542f64f605fc71a62d173ab6e9b7bcfaf5e7709a6d75755b5168e8a1f631a24d06da52360d93998c9b0deadb298baf9702552c1e6256ed761c94c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6a5e7c1aa212023f8722bc6033a4604

SHA1
1d838b75f813b28df6ad0f3566767140eb47577a

SHA256
775ce9f2d1fadcba572d7b18bb3276ca2f7a98ede404744ec9d432ba616842dd

SHA512
da66ec8ea967e4888b3ea03ad028a2212e31195d4a73cd6504f82e26c25cc535b687dc1d2f091e9c44a733b1796281fa6c77243d0dd7dc2557a8586e7703e175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c1e16bdfe85998388590a64f540ba7a

SHA1
a17b46814031a477a13656e3578480732c30f4d0

SHA256
0b5ba3c1918e4e9fafd464db5809a76ae86d8af4f96d3d7794063dd1a00661fe

SHA512
cf6de61ae6918045ec5de623505a0507b5558263f994c59e3c377a5648f2ad2b5b95f367a26ca5df360f650a988ee409ca74fc9c0e52c6b250f9df0b256cc4cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de618076960863ac3d45052aeabf2d20

SHA1
c1f52753566e9b29ce7c1bbe6706748ad52593c9

SHA256
f6a831b4f24628e4b1572d6fdd54dd81332baa26d17fb1c4a6cb8579dde5a2ed

SHA512
bc297825a1faf39f82b680a20237b90dedb9c8464d48944235ed2d5cfcada5298ee43828f4023d6c0217505ac2ce3314204f32debb028dc852e01d71b9506b8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b68f7b3c940e73ac0866e2e936b93dfa

SHA1
890fec07ecbd1dbab5ced854c8addf04ed8623c9

SHA256
6f3da18e697ce5ec597b7e6b147d3c56b3472f569419d6a242296630a28f827d

SHA512
771dbf8ec3c962aa84e4bac907fdace3dc361ad6e242f2781dd0f99eecdaf6270c85d73675ba6496e8fe9ab5682b383ef26a345b424c78b5aa1cb4803f6f4c63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fb90791432da4fc821451a57062dd21

SHA1
b12b7efa1bf89a0e7ee2a989db17f1a61cab4904

SHA256
5935ecbb0e0e66098886eac635674847ac53a8639fd5a284a395b4c24c4bced6

SHA512
6a9c6a92b027912d7c5d392646db8e3c6655145c7e1acc164d8585f4029c16717f7cfa4db9bee8bd9b6dd3bfb8407cd6b13ebab3459c3c6691741b74922b4fae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a2bff8414739febe2c1175b06b9d144

SHA1
9e4d5dfd83fe51f58632bc4f52ad861eac94ae83

SHA256
88f1e4bb7b3bdfde07a6f5587f51c03fe260f7c46ee0c0c29c3cb46126db98d5

SHA512
a7277c5fb81d042e94643023e81529d82e3f8df135eeb6fcc6177754b7b9c07bc5bf2be6f22ca57569bc206d4faf2a72b20d9b02eb07af022c55c83e3b76be2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97b1058a57ab82270f8b8a33f20e32d9

SHA1
3bf770338eed54814b7988f5e79fd47234b49b47

SHA256
56a94fa06cbbab9c2a347d4e55ede23310929d81b0ab96b410bc7e32fc7669ad

SHA512
ec76e6b705ceda4f307b32bbbcc1af103d6e6f91c6ef4a091695adfc27e4dc199527a75add92cff33e610a40fd57038519565dca6738a909917c4f31af68ecf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f178e6c043af9d0e4cb5db542fb2b34

SHA1
51bdcd365695301a94c28931c32a8c60c0056cd4

SHA256
1f58866eeabebe7bac3a624210f8b8ac267f7c026cf1218616ac9539612c6b37

SHA512
50cc567916e671c8ea97ad63902d039fc64a1b7388928d9cf96fda3c1aed4354bd055ac38565fe3e188542727825155060e86c4941e586db12c747e34ffd1599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65f9af067b43281ace8bdae9009e244f

SHA1
d447ebfd00cc94fecf3bbe58b3cc82c94cb3e7a7

SHA256
935c842d547231fae522e813a87a1638595be51c249d98acd825ce2fde8861ec

SHA512
3c4ea657157668e6be4581d12e16f16d84699b1034fc59f8fa3d19d4c4923f480ea68d052c59f115cb8f6fa09c13d46d57c383aef6392e8f5f9558b93071e9cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff8c3a35f90632b5e0fa5412abe9e9fd

SHA1
78b333002b0eae1b4744e2bdaed3f9d24f06c62e

SHA256
16f905abe6d89f6d02573e080bc1f50f743a60c0bc7f5ba68b8360ee3863f909

SHA512
766442bfda80e70a944dfc3040c5718aff3bfac90772c54415c22a07ea1bb859ae86cebb523d311bc4bca679f5f805e899a32ed0411e721afdb85bf1754c2a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2a177ccff3d5a93c0e83e6213dd9e3a

SHA1
0f6f49e62f6b83857c4716e33ece29474ee1fa60

SHA256
f3f8fdd931955236056ff56effa29aba3e41257acb310409c78ce22005e9b4de

SHA512
736da226ccb6cfdd174ded28fba10460f43d5636cbf022f51c1dc4c26356e12c169433deb71473a538af0b901b53d9e57833f871c60f2665ccd19c826ed077fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd99406c6c9094e9904fb3b8c19a9d8d

SHA1
932161c1b42f78757bc1a43d48df54e05f4768a1

SHA256
9258bf4746b2d3524f7274a70cf259543f19f4330ad3fcd90c46474f9905a779

SHA512
ce2f990af9d2f851551638b25f24133a3df8ad637fb6a48be1684e573576a1bcbaaf5a1b0dcdac9fe34918bf3e03cae35c26e04df79c9618a12bfcfaabf42563

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6638ebfed60187141e2e504bb1afe44

SHA1
bc71a4bfb4e3576a5d0ecaac68c513a69cc168eb

SHA256
3ecfbf81b016231f6c55b077000cc925add38e3e61e6a255c400b82a6cd31c95

SHA512
420cc862cfd7a7e0abd2ba8ed27d250aaf5cc603e92987b53e74122c02cc6078bc24bca8b43534e6da2cf1e8095b3d417a30d4ba09a11385e06b21bcaa75b4a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f70286eaa6479b38a993c308a6abefb8

SHA1
517fd15b3b54c4fb4c75a916a5bf637c460936c9

SHA256
add2fb2b1831f5185b032a50aac5a304ffd6f152a86127f3e564c10d81cba84b

SHA512
3fe27fa16f5939c81530ba08a3a9d56d2cca0a02f28720ab880910f19d5e5a1cbbec65f40007024ba8938ef9bcb692bc983a433209c8c56e02920f77f1d73625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b3bb819dce2923afb0c31e9cd54074c

SHA1
4f9aaf76563802ed088863089fcb7544546f5d88

SHA256
f94fe7b8fa0aed663667d7d697266914f8f371aa22efdb60731f5e7f39ffb516

SHA512
b8e72bf96215d5b0e86bc7d668a19627634e64b6522cfbe64fa5c7b697fcf768a8ecee35032a64157badb8d2a533506d7cce935506a95931329455663d1391f8

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe

Filesize
160.0MB

MD5
dbd5fdeee02eaee6360883f7910dafbe

SHA1
0aaedcd44dda1160542d7fb7ee2431d155f1590d

SHA256
5809c5aca7834457deee8d58188603f3a8b1e653f5d5f0584b3875595246bc82

SHA512
743e1782b0e2e08773baacb9ea27edb1e3170728a02ded4b2b0ae80ac1376ea0d6ce8ed4e70c26df20c6c00884329e5b84c9f8d9af466141656773248ee3b54d

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_b5d758d6571811d18e53bdfe55b20f8e.exe

Filesize
900KB

MD5
4611f5bcd1dce6d2d0e0bfafdbc70c84

SHA1
5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128

SHA256
71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

SHA512
a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

Filesize
785B

MD5
d8fda481a37607b5f671f6e3e06ae0e1

SHA1
fd184048846bb4835949f959f8a94f757053b6ce

SHA256
0201e60f80842d206cccbcb686a95cdc1821ca3fad2c17c389ca0a68b8334558

SHA512
c81a2bf8e43c253791540e0114b94c64d4f1e2f5a2d6b8e59c2220ae2e225204a7a7161cd7ea6a70155a400acaf2350276e5a98b909dde80be916c56c8aef9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A3CF766\Locales\i18n.en-US.txt

Filesize
18KB

MD5
bc0bfbf0fa8b40c2f72957c2f57afb8f

SHA1
644765340a713413e159ff57f0098501ca8304f4

SHA256
819b673bc98a9aefa9e480b3df2a5f9558033fce38c2a2f5be08d10b9a859e28

SHA512
6e7e88ac28190011c1e1e2a78517e3bb858e35ac90f125882c64bfa26d5a6f7ee6718c558b9446f3aeead0a8fc53c825fca66ad2f6d82819ede19b88ff658e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\Locales\i18n.en-US.txt

Filesize
19KB

MD5
206562eed57e938afe21fc6942fa8e59

SHA1
779e90fec866c0fd2f47da020651db71c89ec3dd

SHA256
27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45

SHA512
275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC989FF06\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F58.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjEAFC.tmp\nsDui.dll

Filesize
3.0MB

MD5
c40a4e327c43f7f51a20c38b1bae840f

SHA1
0f56fe0a357a71ef32cb138258366f743f8fc398

SHA256
ef94f69593fd376e52a46934629b634a6365590b7102cd45a2dfe45533139060

SHA512
f379dc79899744160f21d6c8f11341b2251e58c09dd510b035cf08ce8bfcd38e290b96af3baa656ec85be8753dca7e32d3b95098ced1cfb481142d454b178565

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0A3CF766\BlueStacksInstaller.exe

Filesize
607KB

MD5
1744edd4e585a5efbd49ad0593810af1

SHA1
57dbda1bac0b48803933da6940c3b88376774c69

SHA256
3b136c884fb6e21acfcca33538f9b2e472f0eb83ae9a5a128cb1d5a6098b7f31

SHA512
f7690f5cbb08f2b7f801aecb24c826dee1fc08cd9d324b54359ab258be92577e72dcbab146bc4f55ab58dee0a01ff32070ef0f4a58385ba928f3f01bfe15d018

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC989FF06\BlueStacksInstaller.exe

Filesize
623KB

MD5
3e959d835bd5c190d20dbaba4f62f1c1

SHA1
3e68e8cebc768c64eb1d37054ba3bcbee1a85344

SHA256
1d524b961b37376beb05afe0677120cd3f15726c9c83d885ca9e54368bb944e1

SHA512
8b00aa27a39bf924820c2b40678cc0529c029aea820bb2c8d6ef11ed1ea0b561c5a5e7e8543ef2849faad469ce3bb05416c4b6c2d8654cc07ce35a1fa7482414

Download Submit
\Users\Admin\AppData\Local\Temp\nsjEAFC.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
\Users\Admin\AppData\Local\Temp\nsjEAFC.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
\Users\Admin\AppData\Local\Temp\nsjEAFC.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
\Users\Admin\AppData\Local\Temp\nsjEAFC.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
memory/2436-1954-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/2436-2292-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2436-2229-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-1357-0x0000000000310000-0x0000000000378000-memory.dmp

Filesize
416KB

Download
memory/2436-12826-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/2436-12827-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download
memory/2436-1494-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download
memory/2436-12724-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2436-2228-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-2180-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2436-1955-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2436-2227-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-1490-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2436-1351-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/2436-1352-0x0000000000CF0000-0x0000000000D8A000-memory.dmp

Filesize
616KB

Download
memory/2436-2455-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-2500-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-2501-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-2667-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/2436-2668-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2436-1353-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2900-1027-0x000000001ACC0000-0x000000001AD40000-memory.dmp

Filesize
512KB

Download
memory/2900-124-0x000000001ACC0000-0x000000001AD40000-memory.dmp

Filesize
512KB

Download
memory/2900-191-0x0000000000B10000-0x0000000000B1A000-memory.dmp

Filesize
40KB

Download
memory/2900-192-0x0000000000B10000-0x0000000000B1A000-memory.dmp

Filesize
40KB

Download
memory/2900-1028-0x0000000000B10000-0x0000000000B1A000-memory.dmp

Filesize
40KB

Download
memory/2900-126-0x0000000000A80000-0x0000000000AE8000-memory.dmp

Filesize
416KB

Download
memory/2900-1388-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-190-0x000000001ACC0000-0x000000001AD40000-memory.dmp

Filesize
512KB

Download
memory/2900-123-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-122-0x0000000000B30000-0x0000000000BCE000-memory.dmp

Filesize
632KB

Download
memory/2900-964-0x000000001ACC0000-0x000000001AD40000-memory.dmp

Filesize
512KB

Download
memory/2900-1026-0x000000001ACC0000-0x000000001AD40000-memory.dmp

Filesize
512KB

Download
memory/2900-1025-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-265-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/6924-12828-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/7140-12825-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads