1e6004b45a0f41da07ca7e3cfe7530ebddaebfad05c13023ca16cef94b9265a0

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe
Size

910KB
MD5

80ff5d3b21f79bef9376b9a8867167da
SHA1

9f282460ebc7297939c8f8dc0daa667e18a45d0a
SHA256

1e6004b45a0f41da07ca7e3cfe7530ebddaebfad05c13023ca16cef94b9265a0
SHA512

4c12153afa3ad66ab2cb6fdcd11ff868eead53f879b06c3f05fe9c5196c8c47b90206a5f88571783ecc203495738fc48508f8bcc679d0e82f9536556c58ba9b2
SSDEEP

12288:CivtCXQd0gjKX7zuqGKcD779TxgE98I17YpNgc8gJ67yY9lAFmNek7ra8MDVFnKg:CivtCXWeGKc9Txt9Okc/WmSrLbLvhYh

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libmono_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libfluidsynth_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\codec\libvorbis_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\misc\libexport_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\librv32_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\mygames_cloud_on.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ml.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpsychedelic_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\language\it.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-core-xstate-l2-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\settings\Image_Default.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\mr.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\mediaservice\dsengine.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\Result_NoResult.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\language\ja.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\bearer\qgenericbearer.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\hu.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\boot_logo.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\HvDialog_Tips.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fi.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_nl.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_pl.qm	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_ogg_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libgrain_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MIM.ico	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Help_Hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\quest.png	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\edit.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\ComboBox\ComboBox_down.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Logo_Nowgg.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sr.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\images\nxt-noNetwork.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libdeinterlace_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\swiftshader	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\en-GB.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\web3_on.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libscaletempo_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libposterize_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpuzzle_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_output	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\fa.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\el.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\liblibass_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libvhs_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\images\nxt-noNetwork.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-eventing-provider-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libtospdif_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\muti_on.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\web3_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\BlueStacksXUninstaller.exe	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libmono_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_yuy2_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\ru.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\close_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\lo.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi422_i420_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libgradient_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Search\mini_and.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\wallet\wallet_description.png	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libtheora_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-c-io.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_mp4_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe

Executes dropped EXE 7 IoCs

pid	Process
784	BlueStacksInstaller.exe
1732	HD-CheckCpu.exe
1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe
2768	BlueStacksInstaller.exe
1084	HD-CheckCpu.exe
1356	HD-CheckCpu.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe

Loads dropped DLL 64 IoCs

pid	Process
2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe
2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe
2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe
2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe
1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe
1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe
1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe
1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54362000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 1900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd90b000000010000001200000044006900670069004300650072007400000014000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd155090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
784	BlueStacksInstaller.exe
784	BlueStacksInstaller.exe
784	BlueStacksInstaller.exe
784	BlueStacksInstaller.exe
784	BlueStacksInstaller.exe
2768	BlueStacksInstaller.exe
2768	BlueStacksInstaller.exe
2768	BlueStacksInstaller.exe
2768	BlueStacksInstaller.exe
2768	BlueStacksInstaller.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe
2904	BSX-Setup-5.14.22.1003_nxt.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	784	BlueStacksInstaller.exe
Token: SeDebugPrivilege	2768	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	2904	BSX-Setup-5.14.22.1003_nxt.exe

Suspicious use of WriteProcessMemory 34 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 784	2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe	28
PID 2948 wrote to memory of 784	2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe	28
PID 2948 wrote to memory of 784	2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe	28
PID 2948 wrote to memory of 784	2948	BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe	28
PID 784 wrote to memory of 1732	784	BlueStacksInstaller.exe	29
PID 784 wrote to memory of 1732	784	BlueStacksInstaller.exe	29
PID 784 wrote to memory of 1732	784	BlueStacksInstaller.exe	29
PID 784 wrote to memory of 1732	784	BlueStacksInstaller.exe	29
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 784 wrote to memory of 1768	784	BlueStacksInstaller.exe	33
PID 1768 wrote to memory of 2768	1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe	34
PID 1768 wrote to memory of 2768	1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe	34
PID 1768 wrote to memory of 2768	1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe	34
PID 1768 wrote to memory of 2768	1768	BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe	34
PID 2768 wrote to memory of 1084	2768	BlueStacksInstaller.exe	35
PID 2768 wrote to memory of 1084	2768	BlueStacksInstaller.exe	35
PID 2768 wrote to memory of 1084	2768	BlueStacksInstaller.exe	35
PID 2768 wrote to memory of 1084	2768	BlueStacksInstaller.exe	35
PID 2768 wrote to memory of 1356	2768	BlueStacksInstaller.exe	37
PID 2768 wrote to memory of 1356	2768	BlueStacksInstaller.exe	37
PID 2768 wrote to memory of 1356	2768	BlueStacksInstaller.exe	37
PID 2768 wrote to memory of 1356	2768	BlueStacksInstaller.exe	37
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40
PID 2768 wrote to memory of 2904	2768	BlueStacksInstaller.exe	40

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.20.0.1005_native_a0e0155c7e586ffd8134dd53396d0ee7_MDs1LDM7MTUsMTsxNSw0OzE1 - Copy (2).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:784
- - C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:1732
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\BlueStacksInstaller.exe"
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\HD-CheckCpu.exe" --cmd checkSSE4
        5⤵
        Executes dropped EXE
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe" -s
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
ef84595e694f575bad73a2d7daf79973

SHA1
25270cfa33bf381a94ff452b241f17e2a71fd49b

SHA256
5a40aa4d67ab92b09286e96def21647250771aedb73dfe7168682db7688d8c3f

SHA512
543ed3952f5b3c9efcf46b21e726b618aef60f045134b2ee3d81d5cae5fced3a1ad15e9c31856746d1026e56d7b7ed5b5ea975bab51d2cbe82e847d77fe05fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e67aefd0c2bc64f39e441828cc79f1c3

SHA1
736ea440321b547087cdd6a80ee1c1f57f64ea36

SHA256
dc58382a8d63d961776072a6735ec6d8c686c44c31f74bd5463dcd329174f143

SHA512
9d397b0dd4caf0db9b30c5a1c3798e67584a7a84c29d28330ada1a08561713374758d71cd0601f682c749bbecec857460315d0349affdb69e199003426f1fa9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a93efa61956a0a9fcf44c781ba7f4c9

SHA1
177dc26c15dad315ebdd65c493ebee2230d682d7

SHA256
3de8cc39174d1c2b7fa30b444e6871f2ca7556da2f92c7d1e626fb2e4a8dcdbd

SHA512
b379884eea20ccb3efc7fc427c32d592def9e99b7b5ae8a1a9e38fde960c0a6680881b45acbe86567953685ee57a0fe333c7101462ef0b8d9710e1a9c85ab08f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72b96b1c81eed137991a075bad0535a2

SHA1
f94d99ce5672c00d2d19c19a1186213ab1f4d184

SHA256
f06279d140ac832d02ac4e65be1db1d1fbcc9d19461c530f159159143ac91ffa

SHA512
289c2bcab168a10ecdd6dd0615b3ae9c80b618bd14c69b54ddc672971761743cc0db0bdddaadb8a2315f0ded878280bc7befba8c36d2b03bdf0eabbe36b8e75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eefb301a0beda61dc2f16610fc8d776

SHA1
8194cc6cb3e7bb19e6f829e4912bd88f98bc036e

SHA256
d590ea33484173f53f89a8907d30a8396de96f2c888b9e913bc6c76b6c3b041c

SHA512
39f332ef7cd617bc2886ab8183109f722557ee314deea118598fbf1ab8d7a0ed9bd4102b5f9f3bf7f894e5503f7717a7c0104f5dbfc57a346c6f81d41d92bb26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
779d3cf5dcf000e3b95c3b6e170b0afc

SHA1
ad73cb446254a031ed9d9cca108c542c42d42067

SHA256
3e72c59c61d0c8a087bcdf04f506f8f78e38580aa71854026a900c8e4d21a429

SHA512
ec89cbdc567bccc6ef3740fe803ae3f1f793e7c4064d51699eb8229f402b3ca9dfca6ab1091113bc19396aeb69210fb6cb9d9b0eb60980a05c791229fc3ce206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
442cbbbc3612d9bbd74898527dd5073d

SHA1
36d28b4a64902e1f1990bd0653e5b1e502369ad8

SHA256
0edd563e49a33be969f06d917effc46292a604bbdbe2740d85546b39244698ea

SHA512
7559db50f89300f02ba280c0bf62225f3fb68c407346f24f4be8f8d896f74ec092203a729962ca02d3ba2edb871e46e325141b091ad88c683fa3bfadbabfb06b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07c583847f5ab0885a2ba84d2adf9362

SHA1
b4f93543abc6ece6cf991a7f4b9463180cf8c088

SHA256
0aea1d343162e93d1efb5df55a42b0c338b455d7f590f64740f2e97ae1e57e23

SHA512
3212b653410a00c126923688b38ca4391ffefa9803730ee5456af451dd7156d0b4150911a752b7c9dc17bc0640d9ab87b0576ef3f896a00fd76994c87f39e382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1e3619dcfc786109ecf3e881a1f7ef2

SHA1
094501dbd1fcd5b33737a7e2002103ca6a5a8e17

SHA256
1832872211d277bf21e4e7d7f12d0736e8b8969922fa4afc5a3b08ffe7b3d7ee

SHA512
28b3f3da558b2875d7a5a2fff03b91ad2f348a1ca2a1f4c7c8f471171b029747ddcca4eaef5942747c90c66d2ce42b753cbf23b91940eb5b1ea01c0a4a744906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fc1e852899b3abbcfe34e944aa04bef

SHA1
3409793604deed1a50c961f7d77073e22f8ff299

SHA256
9bcfed9252f491f0a696c8e857c43caab04ea78de4a3c52bb5843316e78388d9

SHA512
853988bb05ffda7df5aba1994f2954ec440aff90a2eeb294f0ff8eaddd42928b3d8dfce10f14cc534050068cddd99526998d4b92e6083c2663e07bdc61128298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
232378f4b3b0fd6f2f0b751b649a1a9c

SHA1
638362e8c8309be6307c8e1a02a22022fbe8d207

SHA256
2823112b57431c9a673db6da2abaaf9ba2021b0a385baa09cd86a5b14706bf5f

SHA512
76cfaf8a9a8a522fe7d754bd187d8137f4ffb353c9e6be1fa9203cafaabcc9747c515509ba661a1cb7a2348efbd0defcfebed8799c3ce3341d8626f59dee940a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ff610ad37577d4eb94319f7f553b897

SHA1
8cf67cbdd3affb275071f280c94ea530f636dd70

SHA256
7bdd38b94953b72c2af47bbbcf22a69558de7d4b797dfe4749f0f655f0dc5aa4

SHA512
f5eb89bc8aa365533a65593572eb06478c477a9cd412e2f4d4c241e452b5b08a1a9f39c983af1da66804c7dedff66f2d3b3375a63cf9de2d8775b991a1185c22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16d70b708da0493e1a42b52673814089

SHA1
4b0810b0ba061ed44542a803fd3266b5b9707554

SHA256
cbe388af96535fa03ea12b974adbe36c13df225c89558ecd21332565c346c2a8

SHA512
8a2fc4c06ece80f7475a47cdfa04f5c12f3a1d266706cd287d799871cf186d2219df7c2b86a4c2576da1d58ec6369b587339c8630e7b34b0fcb55b32656e6adb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e2288e83becbc51aebfa0c8a7f860a

SHA1
dbe886ca2774a57a7095a5b95b7e31d1af50ec96

SHA256
d7a66a87082faef198cc463eabe2f8f3d8fd3fc4f46de16121455d946743efca

SHA512
f02cf3c37c25ac1519de1eff378695195d7ccc88002f896aeb4593f3b78a6c68ec2e111cb0b4ebe6886c2544c354f3722bf336b3e4e4d150cd2c32184636d77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cd95848a8ec00554dd5cff40d149246

SHA1
4a068f4bf5d7314b1ec6081552da3280031a247d

SHA256
44781d194e198c6d9e53c44e045ad06511b71a430de5019800fb4869fe433d8a

SHA512
11058cda4ed5a491c2c87a87fc148c0103c2e9a380af9b11aa2738ca780ac51d8d0d944f1931fc21d77db051696c6c946b7cba4fb95de331f38c206f8582a12c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c92cc16fe4288551822297cdeccf7c1

SHA1
964996636e09c51883e2b175f091008953d05fc6

SHA256
2188ae6a0ea9af2bc1b298af8183386dde9773c4d37a1ff3dd16a127dcd6a222

SHA512
b54b0895703f0fad3ceb86056832f3e6e29d60dc8a89a7eaba5268dd0dc28031201cc91179d845b044c6236254f0540bd6c7a8d093dd86fa278f9c55b7432c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d16a85c5f720485b90b932e88afd6fed

SHA1
47a64df95ae175498d272794e0cfff0570a8ae27

SHA256
c8c55234599910ba60c4331afd240fbc23ebee3a5d3af1941586bb9e4e64745b

SHA512
77b517b0e1315a809332e2db45fc82017f5007b227b4f799bc17008cec0cf91b42451b770301b95968899fedc72f692fa2b4b4a87dc774fb3bf84766d544df13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbb9ebf1a6e28cef531b99cc4e661cc5

SHA1
3e3a1c183f87a0a24c7edd73d7b91782519a698b

SHA256
87e54a63bfd6d49b66d41d1b87eaadf72b6a46c7fd551fa1b7abdf070df06184

SHA512
b942eb607069493df8b22f01ef569cab1dbda381d81ec2c44089c78748899ac92d1dac4096a18997785cf9864c10677d99045649f9e4c70e06731c096f8702a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a208ecc97ad2d51e33f06ad045da61a9

SHA1
f0783f081b0003e3872a84e38bfcf2818ae9c2f2

SHA256
76678d1bdc268559c65ce9802f2d31de1742ae3b6373ce785c23e9cab467d283

SHA512
488006497215d34aececef7f028136cc07e979d4e404dcc6a87ac287d8ed4c7c2129edf7263ae3e369f2b1fbcb4ba35d80fec78576472bf6e93da521f56cda34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63825f0090a366cc85c42034f51ef1cf

SHA1
c37bce6382da215ae912db156a1b018ea29edd4a

SHA256
88d335a5ba3836c4cce9dc342162cdbd364d964e6f4c0fc841ab35d9eabb9827

SHA512
5b184e101eacddaecea96bd07d018241a056438e13219139d19e053eaf62824878d9fa0f8d4f66ecea2cee4206b54e8d4bbfe540f49dc91a0c9891d9b69d35dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e749469456a9a32f2b7e825229c328b

SHA1
c3fea0266475ccec3882a19407dfef7866ca0fd6

SHA256
d723c0bcce3ae2151b7e235e72ee1e97300c05c7bf9c3c2157625abfe99c7683

SHA512
7d36178c9aa9436125b0befcfa7a0a84015245d045e881cb83dd3e0361699239010e1ef04ddf0ec99364fd240b1a411c56f2a79945f62d2cf01d9b04f14d61ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bf1dbff0f45650c3753187350560b69

SHA1
0ea5253cd17e4dcbf4dd61a7dee6bf5e434e2bdf

SHA256
2bc16f2b92098736315c9cc4bb2508c1323cf24fd5551f8da5deeefac430c1e0

SHA512
2398b87014e92457016b2295dfef948d2bdff0adf1a5d6de9a914f4cad4e0349a6659cc6db7fca26bd4a370df8099eaa7c17f5a7f82cc2075af1bb910988e8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
260baaa195b8ec455a374dbea60b90e6

SHA1
c435383137386691d167cdb6771dc271abca7e5d

SHA256
951c8817a200c3309ff7a1b0d370d904a435b4d628720112d95d060bbbf16ffc

SHA512
d60d977f00cb0a156fc9b3a5c0b349bcfde73597518aa69f95157b7f8aee4b914193ce33017e2852da88b0346db6b65f4c8f3d1c7e85c53f712497cb9318775e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c356b99911bd432bec40633a215f2db9

SHA1
d9a84cd34a5bf06b9492e7993637dc8bcc0e9009

SHA256
9d28dfa94de54d26cc750429fbbf40e36a9bfdf57d09a7e3eb069b9848fd00d8

SHA512
27f9742e9590ae3c5613dbe9225ef24acf85d5908cc0444a2874bda7dc3866a774dc8995ee3eb3cd009c85aa4b3ea72cde6c1e06d5714d8e8055203214e5d0d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30d9a7a9e72fd0aa013dcff1cd238a18

SHA1
c93297b0ed7507695f18ad14679894400be3bfaa

SHA256
97f11583e767b329499031e96abb0e639fd4fa45bc3dbda950211970b273385f

SHA512
629f5d8f034d1c81e09295ad96d74d09064a7c30a4290eee86263393e6e706e9511da29567f9e66aaf7343eb8dd63465ca6d36ee8475f187c77be8eb4b87eb78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1b1130585e78f033b1a74211bb9d6d7

SHA1
4f38c0f613f01d264c62b0da2a707ed57b5288f7

SHA256
02c274c422656e31270960a2293f19f0a063f9968fd9cbe929bbb6a42665c88e

SHA512
f6bc55187cceb03c92d3208a6df0837bd5c84d468e3e506104179a210fea7b16966733c20e16e55870b8ffcd0c4c8f6a3c53d8d94a63f63db102d48844eb75d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
112135f5f2bb713de68184b7aeb232d8

SHA1
12b85062054646ba5b5e452230268371a57db7b9

SHA256
b1c3736166789403d8be470d6650ab2a1315b82e8786051f5880cabe74d172b1

SHA512
974de8b2a38ebd967c8a6cb31cf3b521930562472cbcec37d2001625be8494ae01373b1c4d37334ca1268aa1ebf31eec82890998ab2fd8986aed2608f1813e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a92846babf00b14f47867279b6e3710b

SHA1
744bfad0fc1f9cdd21c884c845a515aed083f15a

SHA256
c75b98a0e8fa5c25b003235a25bd361fbeb270dac83ae8a0d3cdfc932653ddc4

SHA512
6b8e58af5762953a6caab9889db6a8ed37a683abe3bb0fb8c646e8f3887af2927a40222044ee3c380564ec1bfb7a9fa39e619ae67a7a91c5b887d14c0f47f0ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e5c01f0a969cc1a069c36bd577d16e1

SHA1
9cc5b613b10b56333b1650e3edeb5abb16f07f60

SHA256
3b6e8421db8a4fa723b2539a694854c9f6173f11c5b23747082824243db434f3

SHA512
3183d068863c9b7e918dc3175d8c8713834a9f3024c6945a5c4956e266674d483d5852c1e792aee2f660e832db610418d6eda42f8d91abe2853f84d8f960c4bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d41e9926b15340e85161e483aa722f5e

SHA1
05266802ba3572a94dfcc1b8fb5716156f28a129

SHA256
ccb46493d366b541bddda791ec7342b90c90c3d849d0d681dc03e0bd38e71fc8

SHA512
3ac8465b3500aefefb5347466d15575d590cc8bb33d9cdcd159b6a902df2ffb06d1605ebdfb780213386ee26d366af1e17141cae1269f3a32494e56ef73a8de9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
274568a608f5cba896f653de64c2ea1a

SHA1
ccf54e02846a6afeacad9f07792aea6c4bc6cdb9

SHA256
91726bdf2ff540f1af987a9295eb3445a2c743dd0d55fc403b8618ab4255dcf4

SHA512
51342553f2969f61fc0f4d48e0f67c5441627f7a4e41cd804eeb40e2af96724fde37a2e62f203a894b2fa73e322de0cac160c2694197e0fb6d8836a80808aaa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cc17b18bc53a6cad1b4a8d83cc23d9e

SHA1
4a9dc36e0c5da53577a1871f9c0a2b028639e425

SHA256
784767b227cb022edc739114f0e67d695069ca50f70e95e40997476cd8327c55

SHA512
53e9f1d655bcbf52aa6217be8a3409f0a9db22eae4ef47933768b3a5ea23f20dc21b17375cd10598beb537fdea32d03a5824c450b42452749fc3339b0a54e8ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d48d5030ea47bca35f265dd34482b9cf

SHA1
16d84157ca80a7c5e521965976334117c052ca05

SHA256
b302e9ce71705696f2c12f5ddf4b3075b92827360a582346560e1f0502b460d5

SHA512
e6b89dadfed20059fda429a81cf336d0e7e5ec8982699769d5031abebca051f2071ad3c9f6b844372af0533932b9206fce823b24e2bc72b05256db9807dd9da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d1101ff821b508db5b5deb15f2c6743

SHA1
57054498ffb78ba1ca5a76a872f260f4f31d9b47

SHA256
7a85ef185e811545ee222a36e275121dd6f401e67b16ddb9ce88f24cebd7fb82

SHA512
a69a7649195b9eb0422a2379b0213bdec12198ca5233d43b6bffdc5e23e96559d721367c00692b6f4b135100097c20b9918c85c18bb1c4ab25237e883ee18186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab49f0133dd35e8245854f5a5f3d082a

SHA1
6b97c35724f563adcd758ecfaf838725c4480287

SHA256
23896087348659c2cbd63041a5c039f588f5dfa35c7c9450a1587252f9bcd000

SHA512
1355f87771f43f5848af3479bc1903365d0827fb5ed17f209b46fd5d957b3b0af1e4453157043492a4ad8f4a20f9e1007616fcfba6ff0f640fc43d73d9ffaca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
547f837ee6f2235446b72004ef264ba2

SHA1
f76472a892ffbb921048fc7aa7262c047c162491

SHA256
38a951a23b6c8cb5af453004311b5e1fb8978582a6ee0d10ccb6fc0160f18997

SHA512
060302ebcfadaec958b7c50fffd78beb9bbf2d617513f93be2964e8cdc327d8521ad6589b0d43d5009940fed3b5445345f70a2e0758578d007829760401ec410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7c73a8588f1b64d8e51e81b0a8290004

SHA1
1440ab6f2334b15fe8c8a28fca7edd4889a07853

SHA256
dc2f3b659666aacd46d1a0d731d646f68752de92dde8c16c9faf6e68af4b8a1b

SHA512
e44ce8fb9d05b1eb57ff3dd239ea13e60801fb7f30367000c96d71629caa1f9349f9e38f571d78245725ca22bfe721dfca8558147e1df47d0382fcaa60730673

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_a0e0155c7e586ffd8134dd53396d0ee7.exe

Filesize
900KB

MD5
4611f5bcd1dce6d2d0e0bfafdbc70c84

SHA1
5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128

SHA256
71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

SHA512
a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

Filesize
780B

MD5
655ae66b2828d152ad5c9b1a85651339

SHA1
716c61a233e7f4600b0fcc58c7dc9e86463fd092

SHA256
d441efa4ac00daf06945e6354e829ec9ed034e5fef9c2ae6a7d5bc84e2340289

SHA512
59ec6c52c18f9f2eb79b22e90077646bdc1b72443f7526392c73d3bb1b8cd6e064c106314d9dc9d999f0ca01056cd7cbefea5f01e6fbfe895280407b4d42dca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\Locales\i18n.en-US.txt

Filesize
19KB

MD5
206562eed57e938afe21fc6942fa8e59

SHA1
779e90fec866c0fd2f47da020651db71c89ec3dd

SHA256
27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45

SHA512
275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48BE4F46\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\Locales\i18n.en-US.txt

Filesize
18KB

MD5
bc0bfbf0fa8b40c2f72957c2f57afb8f

SHA1
644765340a713413e159ff57f0098501ca8304f4

SHA256
819b673bc98a9aefa9e480b3df2a5f9558033fce38c2a2f5be08d10b9a859e28

SHA512
6e7e88ac28190011c1e1e2a78517e3bb858e35ac90f125882c64bfa26d5a6f7ee6718c558b9446f3aeead0a8fc53c825fca66ad2f6d82819ede19b88ff658e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar747A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu7BE5.tmp\nsDui.dll

Filesize
3.0MB

MD5
c40a4e327c43f7f51a20c38b1bae840f

SHA1
0f56fe0a357a71ef32cb138258366f743f8fc398

SHA256
ef94f69593fd376e52a46934629b634a6365590b7102cd45a2dfe45533139060

SHA512
f379dc79899744160f21d6c8f11341b2251e58c09dd510b035cf08ce8bfcd38e290b96af3baa656ec85be8753dca7e32d3b95098ced1cfb481142d454b178565

Download Submit
\Users\Admin\AppData\Local\Temp\7zS48BE4F46\BlueStacksInstaller.exe

Filesize
623KB

MD5
cc041375a535f92ecaeda1672b5677da

SHA1
ef38cc04d88f8070af259567b108ac031fca7614

SHA256
ea1e6c9644acc3611928c221cb9669fb99dbbda3a55a6a7fb819f6e52e4c538c

SHA512
2949c50a70fb5f87c8f809f96d4dc3c600515b000feaf38b9e7dd132936024aa7d14aef3183b666cb8ddf947ee8d5ac5ea555cb211c685d88657995333284b16

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8E6A51D6\BlueStacksInstaller.exe

Filesize
607KB

MD5
1744edd4e585a5efbd49ad0593810af1

SHA1
57dbda1bac0b48803933da6940c3b88376774c69

SHA256
3b136c884fb6e21acfcca33538f9b2e472f0eb83ae9a5a128cb1d5a6098b7f31

SHA512
f7690f5cbb08f2b7f801aecb24c826dee1fc08cd9d324b54359ab258be92577e72dcbab146bc4f55ab58dee0a01ff32070ef0f4a58385ba928f3f01bfe15d018

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7BE5.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7BE5.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7BE5.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
\Users\Admin\AppData\Local\Temp\nsu7BE5.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
memory/784-126-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/784-195-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/784-125-0x000000001AE60000-0x000000001AEC8000-memory.dmp

Filesize
416KB

Download
memory/784-1459-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/784-1056-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/784-123-0x00000000001E0000-0x000000000027E000-memory.dmp

Filesize
632KB

Download
memory/784-121-0x000007FEF50F3000-0x000007FEF50F4000-memory.dmp

Filesize
4KB

Download
memory/784-1055-0x000007FEF50F3000-0x000007FEF50F4000-memory.dmp

Filesize
4KB

Download
memory/2768-1446-0x0000000000AE0000-0x0000000000B48000-memory.dmp

Filesize
416KB

Download
memory/2768-1442-0x0000000000CD0000-0x0000000000D6A000-memory.dmp

Filesize
616KB

Download
memory/2768-1565-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download
memory/2768-2104-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download
memory/2768-1566-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download