6d996f70f6b9f99e4ae0aad1f28d224c84c22194551ca4e21f56127eb563faea

Analysis

max time kernel
238s
max time network
241s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 18:03

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
Size

911KB
MD5

05cd50890a8efa95d686384d2d96c530
SHA1

ad496d950142315aa8662edb002549e84d3de424
SHA256

6d996f70f6b9f99e4ae0aad1f28d224c84c22194551ca4e21f56127eb563faea
SHA512

6dc050e3c6577299ba4bcc306d1866ddea3eb2499f75f1de96e435d03f03b0ccf4021602be0eb6c816d7a0e81ce29590de247a084d67e88a64fa6ced4043bcf3
SSDEEP

24576:bivtCXWeGKM8WolR74uEFQWa3GZllJCGt3:+tCXWPIWofUuCQWa25JN3

Score

6^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 4 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5512	netsh.exe
5400	netsh.exe
5776	netsh.exe
9116	netsh.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-utility-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-eventing-provider-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libnfs_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libnormvol_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotionblur_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\position\qtposition_positionpoll.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-runtime-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\concrt140.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libwindrive_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libextract_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\Qt5QuickWidgets.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\account\facebook.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\kn.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\close_normal.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-core-localization-l1-2-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-time-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libwindrive_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\ar.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\SideBar\add_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\language\tr.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\imageformats\qico.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\next_enable.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\Shadow_under_those_cards.png	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\zh-TW.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Holding.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\styles	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\pt-PT.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\crown.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\pt-BR.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\offline.html	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\offline.html	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libaudio_format_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libhqdn3d_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\family\Rubik-Regular.ttf	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\error.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Gallery\next_disabled.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\AndroidGame_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-c-event-stream.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\sv.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\account\logo.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_upload_disabled.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\js\index_cef.js	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libsap_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libedgedetection_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\mediaservice	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\ml.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Default.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\toast_icon.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_ts_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\vccorlib140.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\xplugins\HttpDaoMgrPlugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\family\Rubik-Regular.ttf	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\close_pressed.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\muti.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\CS.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\js\localize.js	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libextract_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\pt-PT.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\radioButton\selected_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\CloudGame.svg	BSX-Setup-5.14.22.1003_nxt.exe

Executes dropped EXE 23 IoCs

pid	Process
2080	BlueStacksInstaller.exe
1128	HD-CheckCpu.exe
3700	BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
3196	BlueStacksInstaller.exe
3640	HD-CheckCpu.exe
3740	BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
3504	BlueStacksInstaller.exe
3092	HD-CheckCpu.exe
3712	HD-CheckCpu.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
4608	2025686790BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
4788	Bootstrapper.exe
7720	BlueStacksInstaller.exe
5152	7zr.exe
4208	7zr.exe
6700	HD-ForceGPU.exe
3732	HD-GLCheck.exe
3868	HD-GLCheck.exe
2972	HD-GLCheck.exe
4028	HD-GLCheck.exe
3728	HD-GLCheck.exe
3392	HD-GLCheck.exe
6400	7zr.exe

Loads dropped DLL 64 IoCs

pid	Process
1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
3700	BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
3700	BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
3700	BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
3700	BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
3740	BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
3740	BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
3740	BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
3740	BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e02eacf3d2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DCD82E11-3EE6-11EF-9749-F6314D1D8E10} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000004e1a1b62f0bb7ed016bc7c305d08ba9f33f9f61965b8f2deb6473f56f4595449000000000e80000000020000200000002719b70fff68e95dc648a5bdbcac12780b11f67160dc63a78a10c86bd39125db9000000045f3af02e86b351ba556d1513e0b9955b92824c8fb6a6453e1902016adccc91a476b3ea778d4721786d838a1477915375b02240e0c78576a96b2c7b555baecb5f796623bddba10939a0ab11653004bcf3e24b3f9e39f8bbdd89c93f75a9ba9a0dfbfe4c0e55dcd16bc451089c538449a4e9baf7c6cc43bfdf169ff552b247c99de6b0d7ed0a5356c84bb61b4c481fc6440000000da5a912b5bb1a2565752ea748842e063ac9592c152fd80d53251c53539b5dfcbc54797b0f4f386022012981c36fa6cd9d60876311f2d32b2e4d664d2ff11cf38	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000005de5a052449a11fac9ed247763d9efff8e88f5267317bbd74cc6cd03e413bbdc000000000e8000000002000020000000caf4c4ad4a75e353e31aa3007d22b290e9c3b7638594bb19749a93d0c0a40a4520000000463042ab399f0c2aae91552c867e2579cc6dcf4f15acdb8ee5ec1d2ca357986b40000000e8f0a8e2eb97566eaeee15f8e37fa135c44bef986a64afa39e43197000607f4c61b3634a9a1b27f459efe7d5180ebab744fa2fa5e42f7eeb5d23874614935fc1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426796541"	iexplore.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\""	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0"	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.14.22.1003_nxt.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BlueStacksInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
2080	BlueStacksInstaller.exe
2080	BlueStacksInstaller.exe
2080	BlueStacksInstaller.exe
2080	BlueStacksInstaller.exe
2080	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3196	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3504	BlueStacksInstaller.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
3624	BSX-Setup-5.14.22.1003_nxt.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
4788	Bootstrapper.exe
7720	BlueStacksInstaller.exe
7720	BlueStacksInstaller.exe
7720	BlueStacksInstaller.exe
7720	BlueStacksInstaller.exe
7720	BlueStacksInstaller.exe
7720	BlueStacksInstaller.exe
7720	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeDebugPrivilege	2080	BlueStacksInstaller.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	3196	BlueStacksInstaller.exe
Token: SeDebugPrivilege	3504	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	3624	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	4788	Bootstrapper.exe
Token: SeDebugPrivilege	7720	BlueStacksInstaller.exe
Token: SeRestorePrivilege	5152	7zr.exe
Token: 35	5152	7zr.exe
Token: SeSecurityPrivilege	5152	7zr.exe
Token: SeSecurityPrivilege	5152	7zr.exe
Token: SeRestorePrivilege	4208	7zr.exe
Token: 35	4208	7zr.exe
Token: SeSecurityPrivilege	4208	7zr.exe
Token: SeSecurityPrivilege	4208	7zr.exe
Token: SeRestorePrivilege	6400	7zr.exe
Token: 35	6400	7zr.exe
Token: SeSecurityPrivilege	6400	7zr.exe
Token: SeSecurityPrivilege	6400	7zr.exe
Token: 33	6284	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6284	AUDIODG.EXE
Token: 33	6284	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6284	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
1520	iexplore.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1520	iexplore.exe
1520	iexplore.exe
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2080	1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe	30
PID 1688 wrote to memory of 2080	1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe	30
PID 1688 wrote to memory of 2080	1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe	30
PID 1688 wrote to memory of 2080	1688	BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe	30
PID 2080 wrote to memory of 1128	2080	BlueStacksInstaller.exe	31
PID 2080 wrote to memory of 1128	2080	BlueStacksInstaller.exe	31
PID 2080 wrote to memory of 1128	2080	BlueStacksInstaller.exe	31
PID 2080 wrote to memory of 1128	2080	BlueStacksInstaller.exe	31
PID 2080 wrote to memory of 1520	2080	BlueStacksInstaller.exe	33
PID 2080 wrote to memory of 1520	2080	BlueStacksInstaller.exe	33
PID 2080 wrote to memory of 1520	2080	BlueStacksInstaller.exe	33
PID 1520 wrote to memory of 1892	1520	iexplore.exe	34
PID 1520 wrote to memory of 1892	1520	iexplore.exe	34
PID 1520 wrote to memory of 1892	1520	iexplore.exe	34
PID 1520 wrote to memory of 1892	1520	iexplore.exe	34
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 3032 wrote to memory of 2692	3032	firefox.exe	37
PID 2692 wrote to memory of 2008	2692	firefox.exe	38
PID 2692 wrote to memory of 2008	2692	firefox.exe	38
PID 2692 wrote to memory of 2008	2692	firefox.exe	38
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39
PID 2692 wrote to memory of 1668	2692	firefox.exe	39

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.218.1001_native_4193c2c7c9ecd6086f79e1b24a2d3501_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\7zS896F5417\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS896F5417\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\7zS896F5417\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS896F5417\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:1128
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cloud.bluestacks.com/bs3/help_articles?article=RawMode_help_Win7&oem=nxt&locale=en-US&image_name=Nougat32
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1520
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.0.1396480787\1512054549" -parentBuildID 20221007134813 -prefsHandle 1168 -prefMapHandle 1092 -prefsLen 20769 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a122575a-b2a0-4c7a-9c80-815e4e902098} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 1340 3fd4058 gpu
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.1.1751165501\495706680" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1504 -prefsLen 20850 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72db986c-e9ac-4776-aaa9-7c777be40579} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 1536 3fbf858 socket
    3⤵
    - Checks processor information in registry
    PID:1668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.2.483775292\1901968178" -childID 1 -isForBrowser -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 20888 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7942f559-680c-4f80-9f09-27c9806a2ba6} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 2072 19a35058 tab
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.3.1668009918\1885285176" -childID 2 -isForBrowser -prefsHandle 2584 -prefMapHandle 2580 -prefsLen 26073 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59efd616-aa8a-4492-8274-8151592cd505} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 2596 1c024b58 tab
    3⤵
    PID:2352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.4.570229359\464712372" -childID 3 -isForBrowser -prefsHandle 2788 -prefMapHandle 2780 -prefsLen 26073 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b537d94-32a8-4a0a-ac89-e9ece0b0012e} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 2800 1c0fa858 tab
    3⤵
    PID:976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.5.1985128216\2064851873" -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 2764 -prefsLen 26273 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {798baebf-0132-4816-ba0c-f69aab0d20f9} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 3828 1edbbb58 tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.6.1145377416\1138425752" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a859a834-6f3e-430c-8aa2-8127f5e7b4e1} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 3920 1edbc458 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.7.1320416038\1537325473" -childID 6 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d117a79d-3a81-45fd-8019-cdcf6a390245} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 4100 1edbd658 tab
    3⤵
    PID:856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2692.8.1002023447\1078983555" -childID 7 -isForBrowser -prefsHandle 8420 -prefMapHandle 8424 -prefsLen 26356 -prefMapSize 233414 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7f0e07f-ecfb-415d-b29e-bd528f782173} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" 8408 21e08a58 tab
    3⤵
    PID:3124
- - C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
    "C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\7zS47E97D98\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS47E97D98\BlueStacksInstaller.exe"
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\7zS47E97D98\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS47E97D98\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\BlueStacksInstaller.exe"
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\HD-CheckCpu.exe" --cmd checkHypervEnabled
        7⤵
        Executes dropped EXE
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\HD-CheckCpu.exe" --cmd checkSSE4
        7⤵
        Executes dropped EXE
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe" -s
        7⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3624
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        9⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        10⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:9116
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        10⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5512
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        10⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5400
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        10⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\BlueStacksSetup\2025686790BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\2025686790BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe" -versionMachineID=6054d976-3d6c-4fe6-88e6-90f4a9213e72 -machineID=c2df9549-67bc-4beb-9e99-4af8ffa86add -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.5.22.1006
        7⤵
        Executes dropped EXE
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\Bootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\Bootstrapper.exe" -versionMachineID=6054d976-3d6c-4fe6-88e6-90f4a9213e72 -machineID=c2df9549-67bc-4beb-9e99-4af8ffa86add -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.5.22.1006
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\BlueStacksInstaller.exe" -versionMachineID="6054d976-3d6c-4fe6-88e6-90f4a9213e72" -machineID="c2df9549-67bc-4beb-9e99-4af8ffa86add" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Nougat32" -imageToLaunch="Nougat32" -appToLaunch="bs5" -bsxVersion="10.5.22.1006" -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\2025686790BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe" -md5=7b20fa6be26ac7e708b4fca6c1556a5b -app64=
        9⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS002676AA\" -aoa
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS002676AA\" -aoa
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        10⤵
        Executes dropped EXE
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe" 1 2
        10⤵
        Executes dropped EXE
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe" 4 2
        10⤵
        Executes dropped EXE
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe" 2 2
        10⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe" 1 1
        10⤵
        Executes dropped EXE
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe" 4 1
        10⤵
        Executes dropped EXE
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\HD-GLCheck.exe" 2 1
        10⤵
        Executes dropped EXE
        
        PID:3392
        
        C:\Windows\system32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\uyvjxnub.20h\RegHKLM.txt"
        10⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\7zS002676AA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS002676AA\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\uyvjxnub.20h\*"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6400

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:8340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x174
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6284

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:5312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
475KB

MD5
62e4a0fff6c786b95c6ef4808e3e64b8

SHA1
da5be7cf6a5858c8afdffd716c966b561cb17942

SHA256
217a85a670f12953bd4039ab0b89180b46e32b3ebe820877cf587e6bfcef0bbd

SHA512
19e72fbba7ae7aaafbef30658d3e66ccb6200a56dd6ffaeee1d476ddc1d8ea71ea01da2804e98605e819367b53681747f6129d1be332248c49134b909d1ae2ed

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e59fc735263bed47b38ed7495b29328c

SHA1
f8123af13a89915ba515cb972a45758d7200e054

SHA256
b2e3ab54b19789c7c1f087fb1bed64d27e2f134aab078d92c13f0bc5d803df91

SHA512
de936d08a7bedff6240935587eec450d738a5895242132e2f79c6b512bedec7ff15d5735b72f720855ca28280ca8b4780fed5d4ec6a8d9c487eac07e6239ccf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cc6b5ea9a3c70be8848ac8919ba9d5e

SHA1
bdd641e8e514814cca861516b0aff93d61de4ee2

SHA256
a567b49ce22434021db54158baf43f58dd593e4ed6fa2bc3aa140bb053f4e35b

SHA512
1b2d3d123d836d3cc633b890a873faca08c625e92141d7a418f85401a67e275cbc1f94bbdf09fc0f5e30a2e9a1bb5c036112244d88fab77eb3fc193bd7fff931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad6601a57177e1a5b60e0b9415c8cb13

SHA1
35e61b686ea3ab2b81aa8b1329cb7bc89fc2d4dd

SHA256
7b9e6fd7c84699b1cd7668242ed6cc2072dcafb53095231412a6c850033d17ae

SHA512
8709901ed34dc92b2922ccac2e94ec624beef4f99572df167cd5881d08483139068b01c85f5e75faef15cff75521150751bcdd7f53e8f976349256d7f69c8496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce2599e9d2c5a19016773361bd8ba43a

SHA1
84304530de3a4961d9a352ede7036c482932e1b0

SHA256
8cfffdc2718209a4dfa6feeca4d7cc61f83d9b3de07991c27746101847638f28

SHA512
d5d3668abb8c6244c8b3e41094c80f00adac9fc5e68bec44dd5300cec8f65079596f13e9b5676e19f5ec7111d80485e127f3a5318f9342428dd007591ca44c6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62161932714a84788299249dd2fe40aa

SHA1
2327da5b52464a9bd55e2af9aa9ca802b6a36824

SHA256
e92d33eb6425eac1019917c56784b7d09458994af330d9ad6959d0a92c6089d7

SHA512
63f97c56231a283d02be9cf5c214d5687f6a978ed99b6d27bd4a511a5119b26f5924e359ee8108adfe76b370e43717884b84e50bbc7cf421bf9718dbf85ad926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e62bdb01fa425e499a5ca54191c36a6

SHA1
ffe961488cfe795459ca95bffe9fec38e70fd793

SHA256
b5558c4605cd9339b062dde4cf5be2e95d1bd4d17f74df52fce35bc4e33f7c89

SHA512
3e40eef1b1e5c4e3f5b7ff76a264941b9068b3119f7e38eac2820fd6d079923defbd47097afa78d59a8c5c78b3b7de5cbe6b92f7039ceaa170aa99a9aef1d3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9547b2a410c3335c65f89e027f2d0ef

SHA1
0adf8019143ca8d126487d15f91ddc4e37f0ddd8

SHA256
628dcf503c905f6c88aa1f254b1baacbf526a2a5c7481b72802ba86cb5b14f7b

SHA512
0820e2be5112e1df8ed2d98b55ba025e42600dd4e46fdcae566df7039d48a81060951d96d094f606203cc91ccb1eddcedc9b4b1e0bf4313fc0ae237ac57559b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa567eaa84fda5cc5e9acf92de01ebf1

SHA1
4a27a2d4ff6cc1de041eb8cad690989916f433d0

SHA256
65e942a10c452264cf66d37f0a2ab1ad51a86b4b8fb6a09c5fca51e0ccd83137

SHA512
7cf73a1373371a08cdba10c10b3aaeb3a14653e87882a1ae9b4806bd97035c6082c0b6da5569a621f8552406fd3df8450041b3c545fcb9b84b3cfd3b6d28cacf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14ba96aa2f7b60c7f0d0cfd6c7f13627

SHA1
fe007f85796be9f0e17c425383fed17bbc27fa74

SHA256
3c32124e5dec191c1cf2223d04d4970650201782235df0f0e86ae09e725b02c6

SHA512
c2db9e9b1c1738df018ef6a5435fed283da86c76f0863675c58947a3e3feb891cea2f4a5a0b027f17fc2c89e9a069bac3b35ea9136aaa5d1a84c248e5773e8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80bec2758d6376c09ea229a175f67131

SHA1
3a5725ce3212cd227a3ba33885ff88b5668281c1

SHA256
d27c6a28a6cda82da9cb487b17656ec916dfd31f38b88f28524e27ae5b90a8a5

SHA512
2ec4c3d53cfee007e92f448c34937655041d8536f6158d40364127627baf1e10cc9de21c6c662b522456d0e79676dab44797ee357afb40f775793f957a19d64c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de51d3cecd2e00eaa09ffd32ac84045b

SHA1
8c388ffa5e57e5a4298f63c61b5fdaf02ea08bfb

SHA256
07c9e5f20d322180a247edfb86c6391344a190f8d2b96dcb132a5b08862a562b

SHA512
9d8bf2b9af26c342a2140bd9cb24071b5375cfab36f32b7b36d01f3641df82943c740b35ec252cb5dc1f096eddcdcc794b7cfef57d248eff509630da1c4e0111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0df62d048e5a11995503a85d056ef10

SHA1
f12f671303bb47a0486715f9f868d4ceff65ef50

SHA256
162a42ed80ebf83709433d5d488b6cedec2461b69dead82207d2f715ffa3c3f5

SHA512
c649743bfafde3c88bfcdf3b8260e815fbc5ffae4803fbda8e67056a75d7696836cd44cbfbcdfb4c3c58aed88c756b0a5e4dbc925dba722a06b284b89ca17682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a1365dc0bdb0a99967545f1eb4914a2

SHA1
99d6834b3b454cea6b0c9c8e7980745162715263

SHA256
b55a67ecd004f67e3df88f83e043db25a4113af839fbf29e2ee9aab31f3a6fb8

SHA512
6b5e7195a3de682d1876171627f4f6a6a2d3be9fc2b5d829574b509da9943c8f2e93727b0d24295a52b7ace08f7f29698d7736bbac2a1d30f5ed5b7bb722bf6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
482de93aa4bf0e4487dc26d259d1d152

SHA1
49f63bd10b464bec3c711a5c62d6457bdaa4e8a9

SHA256
4796156eb58df4610cdf650860cbda1b8fb56cb993874f2839377f3725031ab5

SHA512
85b82b2237ba6bcdfb879b19bc93ba6ce1b155f2bbb5833c0bbed121fb52a37dc78b425d7275682164fba52dd057dab5f3f1f2b9a28529a465ab777da8ee4be9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a1995d73e44b620d3021d797cbc981

SHA1
6a98a0fac7a95b9e566f83e77c2b01f2fed0ec7a

SHA256
36439699b8622912954e0a8a04efddac570cfc09c15d00c2b6000b543e7387dd

SHA512
cdc33e8bfdfbb871a976d325caa385729f691aa41eb19f17a9ddbd113cd1d7d47bd2c93c657e0b4c9b6022dd2a39d9a61f4599a21a420e365927b9df22423877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a90a1827b9c84706c03d6e460da11571

SHA1
20c0abefb5762a7256429dfec99d635ba9160147

SHA256
a9807242e491d517fbe15c465b1e88b3321256147c7737f21c5a92cb2c246848

SHA512
ed0c02ac92713bb597972eb54200c4dea5447bf6b72ab4c2ef225bfac642e6ac29c7068830a76a68fed9866521bcf2b0744cf6eb3904d98a312e2531012fb745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
011a16c3c50c0cc8819e226ec77862ab

SHA1
ddbd01a36a6df659064ed10af89a5f79a5b25c84

SHA256
eff2933a7f2232adac607b1f43847dc9d4b14a6c0b29dd4665e81d9e6b2d87fb

SHA512
44c5cec99e315604c4278f870f662722bc95c7a7315012a896055ed963379cf1401c3b9eb9fe4e2df44a37c74bf0104259f1f4a5e40e94e98020e47ba2278ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50bf58a464fd9584feb778ac952f7b0e

SHA1
f44170c2cb249d9d60446498ba7b388511f51fc6

SHA256
e1fb9c99cc9cbab0a9fc6215ce07ea685653506383c625f203559ed0ec2f64ea

SHA512
f1a00510b8b4fd4c87d5d73d965bd55f6df3b60b856ea7b6a0cabaa5013686f568d06ba0f245e6a148fd3588dd13ef07ce85f1b27ac65a752a9ad7d812e3026c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
754e6cd9a7cce9ee2f2cd69f88236832

SHA1
a3c60d9ed868354722c3d19dc67d73958c826c3f

SHA256
60b7d228ed72d0fb4a9c9893fe14ea4b2d73f3a511843666e4e55e9ff5fc1302

SHA512
ef379a7f40dceeacf1a1dd18af0bcb97ab5ae61d9a0166e13a1c7a09a40a79389128df01ed3a8a06cfacd769bf5f8cf69efc9f64b8bf2987fc705e7f41c5b364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
210f04b9492cfb777f8b021e1ad352b6

SHA1
0e680e7178b1fa67e167c1cb999a55ccc7d1743b

SHA256
b2a0d44cd7187a1c39581d045b792545b6750750193d47e8110c289fa86cb760

SHA512
eb272d0c940c6a41107dc3814694f2530930ba20ecd108df70366a3054ce69bfe18427090101558834e1dd7339e3743dc557940ebe23d56e1db1aef02c5452f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60594368169ac2dff0c2e653234ad76b

SHA1
9fe0e19b434916bd4b1200240363d1a7250c4069

SHA256
83db98a23a40b0b0e0e475fa5d511db53addc1da535913580d334357edef438e

SHA512
2423fe7fc0709f019e30a0ca56837372c708f063a9ff6a829464ae8373aef0e91a60c45c163c65ad5a409fa69d1a71857f6499eb354759fbe8515a0a51ce1229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c0467e4321df1c8dfb343a3ecc462b8

SHA1
f6b56bbfcd05b1d13b656bc93cf67b952efb7c40

SHA256
9fb014ced6c2480218f0d56688d237eb79d0e8d159414511e0814878c2368729

SHA512
e5457fb7e9713ceca4443fc48e92c9e2be67eaca251116a453c9f3ea4b6a4f79b0f031d5b67f9c6734934da123790e02e4faebe8f65cf142876cb6ac9a6725bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7285fd51a7a6703fbd84a4899c973053

SHA1
3f23be2f8d05ee1e07fd8be8a866cdb39bd79d80

SHA256
024f49fd2edba62b9b7b6749182b60de76619dac1e2c81c7764c0df083e8ba89

SHA512
9e13e8b17fe3cdf847933bc812c947a0d3d64b5aa5fde48d25c2901bc49d4388ae68290d6a7733200bea3acffc7939f4d647500d6f8fd34e5c7144285220963b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e38af39522b4a0f59c168a6b998ebc86

SHA1
7bb37e906dbd18918e15c7bd154e667018c06ffb

SHA256
e892459f9f87085f7666813113e2adf8057e34bbbfeabab109d77a317736020c

SHA512
d75732d71cce56b858204e45fb84543edee79d97cdd0a00ea86f5f92d3451d6249d4ccc0284980ddf5e4c7982da81d17d6c48cefc34297b0d5b56f410299476a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1967a33c3e45e8dc6e844404ba042f5d

SHA1
97cd10822910d60d6c2dd4ca603d01035fb939ec

SHA256
50d2f1097b3b3a3abb9aa42bcb1dc16917a975b4d72bc635e3f98a4a228b300f

SHA512
f65c7039d654882fe1ddec80f5e0640980f1d796fc8cbfd0c87e09a3fa6f94efd27185349a898f6ab6772cd280723fbc0448addb91bc5860180b97b4fa7cbc2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad43567b745b3d089c50d470e381697e

SHA1
5cb966f8e80f3f6e67e3dcf26fb5182a9b2024cf

SHA256
03efcf51d42cd14910b038f3e56ed9cb314a0ab074d7a99945f35c055d6f02ee

SHA512
88189e6ec7c16241e7fbb913b1af796dd5c07a6b9970fceb3afa3ce7c74e6d0dcd6b7b6258ebd7b7100d29de2df0a8aa1804f14a11239a10a774ac11bd43c92d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b59765a6b3af6214ffe5c812422962c

SHA1
76a96a12b2a6b637e2890b1a5cbb9519500f7416

SHA256
9e430f4cb1563a12a20577d00c87a93dc684d3282aae3775cbcfb9f7c72a480c

SHA512
e1e34bace621941d9647003995dc19a990594442227caad55916c9ed1cb1f98d3adad909931f7242fea2871698b981082c7d0888683b89a493488d15ed255c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12c7a112fa91800be8be80ec5f35d3e6

SHA1
e0e4baefe646fed5c366770f24a897f4e8f22104

SHA256
1ab3b27501d12af3ad4e47b1b105b1b3bd6a7d5ab1afaa7f3b2290093b247510

SHA512
9b1a515ca4021a6ebdff5d710fb145de25fc703cc606fd193f1c2e2eebb79ad12aa01fbb150804a31a48f4ecc938078a868de5980e38894944ebe7eab1c8718c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a7eef16162114d7c218f82b60b8269c

SHA1
233fec859406f58752e7b0b39400068d25be77a0

SHA256
3ce0bc82de9747fe954721cd36e6c0fcfcc9028a5e0e4171b269454d0b051caa

SHA512
097a2218b70e1719af2bf533a8f7c3c1ed9232efce57730c469d120fdbc3af9d001b3b6768f6753781d599df2277441995cd96778b932008f6cbb41b11562050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83b7012e4cb49c0c6da484661f3f1ee5

SHA1
edddf058cecdb44f44e3b44c2fd14cfeed572b47

SHA256
f5339fba598a27eefe13ccec00a750a6a2b6c3f6f42c95ee0d340e72af60b90c

SHA512
0e85f1aed0ca60273c9c6868c23ef7371ad2b0b09655e3a7a1a35eb74eeffa6a6a2199005e925206d4d96229c556d8281258efa3eaed5229ca6e0337128b94a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d0f0076399ddc1225a7611ba7d64b92

SHA1
619bb9870cee324840f891f177839e1a27975533

SHA256
2a0dac9bfbd503e6ea783c6caf84238fc1afc2eff5205253c04bbceef5a4444d

SHA512
00c8461c5425987d7d1329c0e6a40c6af3ec549fb9e9510188feb3a6eec5d11486ff4ec427a4359ecc90f51c21bab714b602c3065e5abffad6bb558319164bd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4181b0ee6e3c833229f35efa5b9a88b5

SHA1
217033897a09b82b9c6aa2b11f43bab02561bebb

SHA256
d96e0f78574f5fd689e84ce6cc8a55ff4bc4b2a87534e536f2d4e230c6624655

SHA512
933295331a11edb68fd3eb89b266a25011ddacc26b6b199139d1f6b61bef88ed60e5fa6787cfb86b4f2afd9e9c98dd20bd6f294316f94c1b0d7e65daecb89ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaee8fdecde7856618660d93616a6df9

SHA1
73822c019e15f969aa3dc6942e732e301190cf6d

SHA256
e164afad216a0b30e4cb7b73784393aec403d31d020a8438b6e693d49993c084

SHA512
f4c7382871d894a3ad9910cee90b7e8c638fe7794421c6a397d7d3a6de5c9474d55c7c1b1a2e81fc99bda96e604f237bad9dcbc2eccd78aa8c3247ce52f8af5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab59d3c12104ef20662f1c82b08ec54c

SHA1
fb5713588703f3300807f0a55c341a08ec872978

SHA256
0bbc633a020631bf4617e23b48825897c7a3a126c39622944a1f76446c8bee6e

SHA512
96e603df796a1abfd3c39215de4b36c6d131905214bd86e11b1a87344738e4502d8a5215f4ce265d03cb09c5ec099175654f541757d82028c87904ea49dc4faa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d461d860a6256fcb6ad875961de94b77

SHA1
ceaaeaebaade5ad0017a60cf929d7e6072e40c97

SHA256
a5f2a5dc3bc94e590e4498bdac74b54743719a3e783fa36c2de206d1e835e4d8

SHA512
6384f1c37585271d3f6fc7d8e998af8c5b09837f1602a45655f679baa42044c6a48e30c9ec8e51cf4ac76b4c757eb2ec5f9dbc2107d55130e719865781858266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f41a88a68e3441e5f733ac2cc14e7fbf

SHA1
e2af9bc6b09c96fd1010783d59b8376389e12fbc

SHA256
f35d55bb9be21180a56d020f3d4cb6b68c297e4a7c9b40d1754146a14d1dff22

SHA512
8ce48b6fa6f34289342dcc01a617a11469d221acc134564fe10d052eafd8f2f7070248edd63647cf56dbef20233078fc10580d0d1653afe26e36ba1149c35922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
144ed568651ba307ea7fdc0eb0ed493c

SHA1
fc20befdde9166956040bace483db1d13dd6a9f7

SHA256
441021bcba24c22c9aff692fe47482ccc479f02c1f54ecfe6b0267e476d4e765

SHA512
cfb36ebfea0efd8fc4b74b482ee06e9486d2d070b037fe17f0c031521291cad033d2d89cb3ed996c2aa0a5533d134126b50498ff5cf637054cdac6ec749bc9b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60c5b219a98a7f65bf349336dc0c8e22

SHA1
abb547e7e7221de4f00aa6eded99e66884471c10

SHA256
d7b4d699f719f48a689fa05541418e110ef5ccdeb914070d1be895f9d0c9028a

SHA512
5ea056c50de351c8de0670c8e35c34084751846de475df1319276c792fceb9694f4f06a74f4010a59382aa3e38f94234439b77bf0ddc6d0b4e99c047f4815e54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c03a25fdec57c4360cb7c974fb7d4b8

SHA1
db3c8ee8262f2910a7c7a422c1afe40933995cd2

SHA256
60d1e7b2c423452be67d6e66af063ecde02f334e17041cc81b40aa79b34fd607

SHA512
11c571b11fa54053b363634b28cdfc10be7a97479ed714a3e3c9161f1ecdebce65ea39dd798ad353042a59dfbe098492e7bb7245784b611e5732698d82735b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34631df2db73fb91d05bc4a9a831b83b

SHA1
5e254fa2ca36cb739f1650d9d2f9293989baf183

SHA256
7c643c6e8addd8a96b196393592fe161c870f35a24331c238d9c8d85beac0665

SHA512
acc86853d7944fb0f007596a5c9b0f5cb6430117dbf2d400383f2834e460d7beec1d055cfbb8b1beb80d2c2046f24a9463f04087fbb81511f0bd50630d5844b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
084ebf0dd5ac3d61632a6c6ec44633da

SHA1
0f9245bb2cbc937d9ea3792cf092e99be937ba23

SHA256
3ca3b544b3e6da62702d3dabf115731714ff97d69f12898cda2ed231da8b8a50

SHA512
29a8145827db2145abefc96b12d0f3f57e0de2d784530516250a2ef50240219fa63714281de2113958c0e269d6aed28fa2f86248526046b7ed30c7c09e129c73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5ed07aa6838d2126a6960a9c8aaec52

SHA1
35e0a1a504afeedba5737e37bc2ce6f776b21465

SHA256
910c71164c535fa5dcdd27d4afa743ba3328986ef1eaf5f20bb77c86d53d7283

SHA512
b8beb6544383552db60288616ddaa3f7fc5ec4ec87ca37e67bd3cec255ed833a21aa08b355487a53d7c56dc577fad1ad0b2d3f2443249d62fc97b5f7a2e01f99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8acd60b01241f5a1e8bf9f4cb560d8bc

SHA1
c8595ba008833c3ccbf4227542008aaa83673fe4

SHA256
d5357fb9575df48f1f7d0a20b5bc08f4257a786036246722ef930208ff337c8e

SHA512
bae404b4fca2188959134f7076221674a6ec6777a1ca5557c1d89b8c9d22218789dd93adb13a027af2fdcc6f584bc3a8f1147ee23e89d5effe4f34bfa4ba5816

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99bdd07e8d6ec2799be3174ead5df7dd

SHA1
f274e2d21bdaf55c6dc08a19719a64a9312f4061

SHA256
1f05d575d02e363a3602afad41055e751b7eab8352939b61208b502c1e3819d8

SHA512
62863c54182217397042b763a9287b61303975605e2f8ae1ff041f37a3bc9db25f816556d6891afee1149a4457ffa33b3dda722f6bea3943e285ed1a5c6a0a88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfe4601ab38ae920b340fa1b5a3b3551

SHA1
0d3c6627b92352e99c411bf00e082acd5a846e82

SHA256
b968d9f2420efa4d73f377e4dedeebab776eb3790852d728b9e6c5527f11d82d

SHA512
f6bb33e1ffe622d0adc76479064164056807353130061c0678eb354d301b094d35a047ad073a40e4b22c7ed3b27e3504a9d94f4f6bd5fc10c7ec6db417915164

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86c34de9643e19c76236d9f98b3a4f33

SHA1
e7fbf6ce1b76d04784b32f5ed4adc4b6f78c5bc8

SHA256
8103ef9677664d2996ded405950b767ab5776993e91de9b3dd6c3e10bd5b8999

SHA512
a84b1f29471d0ab130efaa57a27c8cb699ab3e2f399c992730b6d1c782fc8c14baf9db36ec81430f4ad1fc7ddb0e12d208f04c18808362a8dd39ea7142baf838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e54dd38810ab9cbd811b2bdc5a1637e

SHA1
8452dc4c06291417ec654bc353bc1d80f074a000

SHA256
d3be339b641a3882e8fe39e53e000b2b32f804f1420e0074a35e9acf1dd25f61

SHA512
2e3ca20fb5104713f2ab58b12fa8d8165d06645efe6de031edae1ac01e35ffc5759300a1369868d84340ac8e5ed3f9b66368b591b82721863dbf887530802c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53d433fce717d215b9d671b4259f1c80

SHA1
7af588afa34a2461e63ad24eca6eebb02c326806

SHA256
24a9e0b025bca34c60b97d19f8641d00a3e57d3ed6933b5f5b12fd351c94e084

SHA512
778bf8435130b446becb3a8339787fb57dc43a967236d111f4315a47a264f6d0a6ed83c550e9ee65c805fdc9c614b88dcf5f76c13171ebef1e28f3d1f93d8172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f803c8c7d16a2e928a7cf75e943159e1

SHA1
8c8282a060011b38c3e584f4e5b8b9615397bb93

SHA256
096974663f4f5c48a36b70d5dea4443d8dc2bff7f5c8eb753f9f49fc9da986e8

SHA512
e9301e5db6c70a6b6e0cd73b769be6ce723bb5fdda1a67101767ad977311b9e1bdd325c0e860f55a06d58c3f6d8dd649c2700455158e15d7bbb9153fe2837f4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3703d2741deacef2bf0c52dc691ba6f

SHA1
afbaeea2ec5f8ee333b2f6e4d4759d6318b8e026

SHA256
2a3bdadbb6e558ec0514b1528229146561592868c9d58d05c52a858f867397fa

SHA512
31151e1bd201f9147f2589e6cf2ed9f0ecc62c8c3753e0d8ea2e5bf682173607bec8966ed62a0b3729bb7f4f17215e6145cb244cfd002f88e5002bf8d47c849c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff35ad4e6605ddb3bb1f963bcd944bdc

SHA1
0593ac4d50e11ffef44d37e154bfd704fa473c0f

SHA256
f2fbab58eecaf3e17a08743958845c28becf8e9de38980f199fd8e18ff8b4ef2

SHA512
cf87f862d64e7850e03d60fe044d0626d4f9dcaf06ff8d2cd89e228eea54659307b9fe274f405c45359b38c088393fa8bb3baa6ece7d64ca08842c98f68454a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ad89c264b687e57ab37e0dca88482db

SHA1
c5bd13bb703ce4d73178e3db88d4ab80fc097073

SHA256
fe29e5792015abdfd41abef2a0d2b80ab7903c7a57b01552ae532b32e4c619e9

SHA512
9bf2a0ed413c527634ac666b83dd1479a3421df496f2d78077b2b36188743d1f0d32c1c1c2337859f912c4e0d03d06c34d8cea7d82a9fbcb2b0a51a8bf8fb866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4e2db8d7d8d1c434b114283e5a2bd9c

SHA1
2b7c6637962b8456da8e9febca90100caaa7fda1

SHA256
774ff7b807a025815c8ee5917928ca4d3e28ec87fc08bed693c1d7231a31bab4

SHA512
d1380510331a5087a24419bdf95deaebede8181a6f129eab1c4a74c818a04e0a2c8a2a79da71dd2e9bca52b25a7dbf975400e26777e2c240c5976fa0f50566df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc4c7185c067788d2733d62dc2792e71

SHA1
959e3ca10d31bd17f209aedad7746a25fbe4ef8b

SHA256
7c90510aa3d6a646473899f7b4fd0e0febfe27afee8120e4725d462b802d7a19

SHA512
66c16101810ec0ccf510a451c39138e79774c92d7e769979073dc00838ccddb6e1fce0dcf3811592024e3c6fa69666f4259f0b8f5f7fca181b7867acf31e1d5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9c72108b3ce071d92afcc9ec5730bb3

SHA1
03f837dddd853935719b2e6442c8c8e575b67725

SHA256
a9fda2786854ad40e1c177a8f89924bb13b6ef79cda32107842dcc6a5d35e721

SHA512
a39e8afdf11e5b1ff14f3506106fb24bb8fb3c3be99fe4f797130e33599ce988680baca04da2dd97ce536cb4832dfb0d1d2fd25791d8f6de1954da39e0cb122c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
386625990f72a213de77944e2e4cb76d

SHA1
93386d91100c520a2407911b5220cd72cba6feeb

SHA256
8a69d3a94e7a33c89aca60c1bb97bb618f136953977f6aed0df13e0baaf9e586

SHA512
d9ff41788f1a5a4d24b2dd9b4bcfc1595837f7f584e3ff75e94149d6b01b95f9e1608c8af88b3eabea3f5fdc9b3f0368f24431ef10f9281dbc393feb2acf2553

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52936b4ebba3ab4175bb71f9df32e782

SHA1
2b7b9b9b7e8beea3bb7cdcc184e3ab8c9e1cde20

SHA256
232268b723db559b943be02b24d806594afdc8f38bbae24244e914ff3a8b94d9

SHA512
18c8e20d39243ae98151740c545ff020b365cb3b6026f38bc49e753b1a91af6ec7e8c46991bce3693f6830d00e417d498dd33ce4a5f034ddab43819019c5f509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a49f8e46e954382e8d907d87dee047

SHA1
bc12d4855ad8a7399c3ea183bfcf6192ae2adc68

SHA256
671a6dcb8408223a5d886a5ca50dd09258ee7cff6c1ac1130504be1e069a3c94

SHA512
2a5e48f8177386195d05a41a675f7b486cb653f1485b53d25d409ba11d6b1c9e5088bf87016a618dbeca5dc4a367c6dd383471ea4e1a9ca25b2be81d76716ddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31601f8a6cb9a5b689d71f44607f1df4

SHA1
ad9643b590dadf0fabb0297843de954e661ccefe

SHA256
e0a0bce360197dd791dd0eb423ea783fc6c0a54be232b0dc1e59359fbc2e3184

SHA512
20fb5453336b1d8ed64dbb3650558a80670d44b5288543660b5919aafb14bc86399bcf9499bc624ce1db5683e396aca9908af9a89b4e7b0c50d5b6f491ea80a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ac62418b8c4642e0bd06c48bb5a3ada

SHA1
5b543dfee31eb2f8c41197c6a834d03197df1473

SHA256
98a0ebfaf5b0447398400bf0ada7aeae53d5e3fa8f19c6dbeb4cb1f303f748a7

SHA512
bd4d817fc719ff3181ceb06439236f6d4215011e518379b16a6183597b383245193a618619363f6b51e4d550be6b2083b09acef2a50f2bdf25a9166a8002d3e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f9f053295f517efd907de2c2136313e

SHA1
6df6f10acfced22c7585418403a8f96dadacbd89

SHA256
4e02bcbaa97ab51a087d97f90c61af30916ee6f4cd4c9c8b1f23a4882dd142f6

SHA512
3f8a3c4f82751b5f180f673c8b7bf156650125fae3502c66d54548447aecbd4b9b17fa73dfd0f699ea51a068c257fcdf91658cf2b13af86866c89bb0a10f9cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1518291626d68d02cd5be82b0ed58716

SHA1
b6c46511209594d30d1102abfe978cfdd6a6f79d

SHA256
b94a563cc4d530f7f4cfb46d4068699bf0c46e15c903397ac36ca831e728b4e4

SHA512
5f309abb5bf068fc128beb4096fb0fd6d1593f7ccb00ec4f46773575e9fa0ddc0e1d4f6f2cd5e0a18b6a70dc0c5201dc6db0dec0807f804eb4e41bb0efcbdc9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c97bd26c46735bf562bae6a3a497b72e

SHA1
f17a16aa02abd5f4f2d01e6bbb31b1f34a10a72f

SHA256
798ca366852f75026e3e3497f8d66ce3feb4390110bec16f3384cefbd1f89424

SHA512
cff905ad7a3e736740ed48fa9b1d31ca9f1926cd2e9883e431f89a7257faf6b8eeda2e1b4bc7ea2412026864b3fd6730fb1549561b434f2c60d294d749e2078a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ff2c3b0e2bf819f4a8fc451ed213588

SHA1
d7645b4a3b9c531819672b9ac2287c786827b0e2

SHA256
6bb5fab9b890841ae9c845faf08750f78d92531d8eabe21d1905f33fa15a4825

SHA512
eeb47bc777107f05b25751d186bf02d679f90573d81eae880cd81dc551fd4f78e2c6db1c2a44f3d700ed3df7601302097d5facd59ac1a98e0628fa1993dc5f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9a8e360d0d73975fdc5b848adbc0634

SHA1
e9ff9c7111a90b78d8b82a560a1880709390210d

SHA256
18cefb74cd0d3b752eeaed0155daed6eaff28f42f49dc82a791f46d0606b1a3a

SHA512
1d019f061f405a76eb8b6f5e8a90cbb28bc6674e3e1c1e357ea1409d2e57466cb6b7f61c9a29756f0570b54ceabf88021f9bd0a6ba3468df72b631806b2408ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3563f8481c8c8166ecb9a6c70cc16d85

SHA1
0a790ddb09483ddfadc7ec72d8685c33e54e0bdd

SHA256
09b9e0e1a9d4074f54c7a1dd07cc495245c23f32ef9e4d6dbe3f0674bb931afc

SHA512
bc0db34b3e7ec9129659d3d6448a0bbd2caab27cb5f030c8826b758d60238c5a9ad15d16cc66efa6ae3240519b84c94cd5b9a7b9ef2f7ea04d77eded86e64ed2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea83883126198fda4d5a6dc312a3c038

SHA1
77eb021b7b97258b4f08cf1636e1b4548e018b64

SHA256
06cfbdff864fb65143732c2bbdd7bc04b452d83a7625c4ec45d8113198de5e53

SHA512
134816c582643d7896ab9889e3640972ba98186d51cb67f3a0de8267a71d83c24bf369a6fb6abcd67aabf61b60587ead331def500db7c57acbd81b0d7e6c81b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d15d00da2450fcc42fc303051828313

SHA1
a2008be4b6df19d43196b9cab3c4a3d5c33856e4

SHA256
c964e08fba9ddde2420a03ff269ef92dd0dddbe0caa20e70eab2bd6dcd989bb2

SHA512
f6f9e2f5da818db9916662f946ca7dc4da57dfd5991578f964d18a3ab70c4a18bbb6ad4c458ee8cd2d7073396ce6e84eb9ca5199c46f21b5414ed4c1b76bc774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6c071052791b6e27a9a68c8644e3dec

SHA1
28ba6d36e00951ff7de803612327b8378989a1a1

SHA256
13772cff68097e432d7e85c2f2b9a069235b9b3856eb6eaae255d40839d70778

SHA512
e6a1a4fc8c05cc0bf7bbc35dd82e1bd993404aeb1456d7ca29722384e0d36495919f62627fb9164ea967348e0b0e680fddcaa6f72582db65cb629f560a80af90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c36951e3b6b38f8bcc7668c79bff0ca

SHA1
8f6ab9fafb65d299e14c44f96632faa610a559e6

SHA256
16b90430e9b3916c417a748ffb92e64ccb534f4e679a7d10744d9ecf0da51cf0

SHA512
3910eb65f6d73b186bdb5a33f4890b6aca08f7794f031fc5d6f3ef3a3afd288b62937dc7e4575a889ae975e3347823b4129db0fa710d3302412e009d04fc55ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb0c4af403c64f6fcb80bc7661e22e10

SHA1
37fc0be34f0899c1996f06f1ae7d48e2fc6ddfc7

SHA256
0d5c75c4bf87a9bbd99e59110ff3ee618676a31bb5d00f367bad040201c7aab8

SHA512
f7eadeee585f798bd1a92abaef717240245f7b0917a923962e0d4204e5207700dfad1ddba1c56cf7eae421d6e836c97e39f777ecca80427e771ab477bf35a745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a35d56b94f9b516fb3b6f477370733b

SHA1
da3a4d7908326e770e2074103882046bf783ac0c

SHA256
532e1073d4b3f2f52f91746a35d435441e320577eaac1883cde9f1724449823a

SHA512
a9b148ae04fde9a5ea3a1f0b2d985d79acf8c1432452076c4231cb321e86c205e5e2ebe948fdc95924e0679803673a786fac20170fa02793a100663df474ea34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45a72ff1895fc123049dd0b4dd63e765

SHA1
f343e6319f547554fef3077d4d58d3dd6aaf7a44

SHA256
60bad7b44c3c732f75cb56d88800ae405cb3107e238628ea3b6a2538f41bdde9

SHA512
0e935f7013e43ef41cb1f3cfd844ea89e00749adbdfeab6ef701266032892e35f9fe136b130afced9ab486dbd41c212bb4383647904a49a41a809b584aca4458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bce195b97f054080c7e789c9f0ffaf3c

SHA1
d718de675281422b2193ce706dfeca056ada90e3

SHA256
86d00c15ceafc4d65f3ddab24eb065dae16b5bbec4bc2bfb50c563506da27aaf

SHA512
2df3cf58f1fee60696aa6bf9a62b12ce2b01326ad0a7a39ceccf4215d580ea7920298b4d11a7ac52c1d0b98439b93c74b33519dbeb6755916e69e9432667ff41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5081aadf690162f9423d6bd15353b3c1

SHA1
1387bc33135a0f21787990d4f9c203728cd2127c

SHA256
4f349ce651af4151090f17425e3fc8b3315b45a4f868348b8dc34be62d42cb5a

SHA512
218f7041a71e1d5ca3052ec21a52e0e800f0dee9650a060d4a619aa8dd8850bb2593b2d9295d3819717fb50a5851696ca16a82fd200ccdc11ce34113f495499b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
103729c26af0251796c8b72509555041

SHA1
8a4958b47d995c6ff3e04a4dfef1cc4778911c25

SHA256
4e04230d2921d0af54d8c021526b7db0293711c436425d4dc1e2f0dc64d18ddd

SHA512
9fe0fa6697e819d22a3a1e6dc662906bf5bd5db1e9fc01ea3b988c14c39a0a6045f0494080fcc70e8b169ca1c8ed52f887439d8be281563ca531e6ed793c9049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77fc04bbfddbf123afe28e790146b0d3

SHA1
5e7fbb7f4d2043b09615ba6715238afd6d71c636

SHA256
0863040f623a518b0ae5e9c7ff889f219f7589599341cf3c10b2cece36fc78b6

SHA512
f2633f3f180e213aac3a20263a135fb3242fe26bc4aa0dfba303f67d21b0356b285e10240b708c616bec95f296a6aae07c1e7d6b42e07ea13fc3ac3aa40dc48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6aebdbab22c3803bf92996e86d8d828

SHA1
835628407f989d4b179b3d5b618af0c423dc3ea4

SHA256
43a53a9bd42250023a7190973b09a53225d78daf050d1725fb6b6c3e2e623ea5

SHA512
9752287417f0b59d3da8edcb45e55e4fb89185b01c01859f43577b7078baaf046c545b675bacdf03304882a5209f4ee878e2d9ae3439b4871e91a3326b02bb22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
addff85a483845be838c9486cc8829c2

SHA1
e085b3f56bafdd47411c11a14756044d373e5757

SHA256
5f19a4f5e7b06159961aaad36e7cdd3619ab9aeba037bdb9a23d60b878cb4a5b

SHA512
8beb562d7fd6c5abd82d96c3313885b6a40d09442a960a8c97ffdebcfbd168e0ad9238b9da38d912e03f252aea3b6c36423ad111523427e049d46896ec2ec8d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a9959a6ed0c2f16cc3a473318c795d0

SHA1
87240f66a576703f57141f244fe19d3347194553

SHA256
3d7169db6d677e23df6b5859210aa5a53051234e704c164d510aa1f5667a2e90

SHA512
e886e65c1ceacafc60d709f1728c9673039c8c1425b002d675bfdfa7c406593557b976911ac0d797a68a5d02b34a485e6358dfef63d24636f420c8089d6bb506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe2cf4c2740459329836a0a79bd610f0

SHA1
713e43386274b4a152d0a5a49eb35cbbbec5860b

SHA256
9daf553e085db2072e5992e269dace84bab09a79bc7f95a761303d508fc902bd

SHA512
fe635ae1444136ff59926acf8d08634b95898ed324127a2a4e9f020351e8d7b36200264b788d4a1a4a7d40bf07db53cf39859bbf81273b9323b782f8c9d781d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40892610634eb1fe39a548829b2882f0

SHA1
8f5329b0f36709acc634e99d10c37e96c6a0e5f7

SHA256
18cab43c64480d85c9700a3f1e9593d34e2ad659e40cae2455822b12749d37ba

SHA512
712c27be02c96b659d75b02262787ffc0eede166255282dbe472fefa3aa5d85449afabd2205b11c1a9a14196f9aff10b3cbd311ea1ccf0f407c8b1eb65883ea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
737b070b822245d7b097f25b492be0bd

SHA1
824129ee84ccbd4fcd0bcd6f9e24a32f27191820

SHA256
2e2bc3c683e32c00de59c0c24d26b1138c7b6a51e726653f2cb9433fcec98371

SHA512
b8004e39669dfa0e3fd9d9ca0cb8d1f90f0b6e45ed936e5cdb2fa100a61f72a2d7b969895b9e35b3683ca42ed6c59f7b80a306a8b883a58c83e3dea6152f0ee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3076024c3fe08fd5eb0678c797e164a4

SHA1
5d49e8185d8c438e03ff3f1d4914de332bc3cc4d

SHA256
d4e1bf68151cbfd9b54ce887a274a9b4950c85bd4d12971683c3f90b581a8b03

SHA512
6dd72ffb9f04bd48e6c7e39ad1765e90c327790ebd967ee62451e613ba697586a4588500594e02c4042b74f6cf6b9101188fcb80234028061e93268a03269936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d83290945c3dc2aa032f5c3a3e695673

SHA1
3b6bf4b8c969c0d1e5a0365597bcb1bb052668c3

SHA256
66d6fae26cd25ee3ba279663692d5c2b6be08a402758605757bf045d0226b196

SHA512
367a5640bbb841cc771fd0ec34afd3476f2173977a93ffec389e4b5d0a9d8ddc015313eff37b0429101c9c15b45e126b1dbd48d2beadc56d5f33b95e7c09869d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d247e79f84f391f9055e8d19b864df6e

SHA1
2aec5f664e0a2f4520cc5a268693c8a838da8c72

SHA256
19470a222ebc6a6855d5ace07c125145e01af6c4fcf0ad8a6ae6e3f54ee8e5b1

SHA512
7eff9fbb6255c67dcac8cba894a87d59874b94cbeb858d1490da4b6550c88d781c7aeee92e4384b7e4b89785e242d32fd9d4028a9ee1a78b86c1905399927e42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d2d39501f47f152dc1438634f23484f

SHA1
e2c15c5a23450b2279749b19c1fc7387f1c26919

SHA256
58a248fa7e4c120307e5b28d4dd008688ed2f433c07889bea919e5dc337e1f64

SHA512
b6b24c98c17f921c658b5fc6e1bb53e714fe5137c823b9fb1e4fb4eb10e502b3bc3b9c88d287708e668fc574fbedf4590ca4e18c96a89efcafab50e658d9ace0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87a4d6589af4bcd89fa72b57f111b40f

SHA1
49d45d2f1296318dd4bf71271c4debe773550b15

SHA256
528609e2e52bc8e6b629ad180f92c707a53cdd3b8a0b47635d418f1e9e87d278

SHA512
8f08055a227671c2a7fde70ef2fcb49930234f05a2dc9b12bdca8ef0b1b36bd18df82fbb1a635dc41ce6da393342d9563fb9d3ce539205d539c7436026c034f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e5bf68fe43bd0f565f3557d24064f84

SHA1
8159c9b677ec6cf1e59fdabd81ad1d6cb39cd937

SHA256
227ed8eb17d59c6bd3e9b97fc771e3212ee045e489d4ae3fa1df0aaeb69d13ad

SHA512
8895733008f09f94b37a361a7bfb8a6796c446fd986e237863b677a5414d87d072965114928b9b429791ac87f743b2ab92204c282182e1cd33567009db95cb70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3e060295665e3b7624f163670c2d33b

SHA1
a766ab711f3db644537583bfc3587356786d9604

SHA256
0021da77e996dbd8482a9b626023907bbd27309b8793b1ef3cfffc7b171cb74f

SHA512
a69daf771d1d03258c0982d2e4b54d88400cd8380f04d1c877d606f688fb62d8fa9bb947f50f308f2d4b4a101e1837c07d5c34df5ff855ed09704941b3d9fcba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
135d75e72473601a6e307270dd3db79d

SHA1
0c0b24960710fe227c072dc34848a12cb539ffac

SHA256
f5baa6a80d64df7da7fc91234d4031f0457e4821fe4f3ae5805002e41759e8b1

SHA512
9981cef47857420540013e63729a2e5ac32de4a62f3f8c19138f1404da08b303a236112ae5366a5d4b06f01deee962f9c960a7bc8c3893fbea1179f87d83b8a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a55fc579fc2b1cb6fd4d4e3e98be1c74

SHA1
8e6d5e6cb278eea76529b4cf3ede8d1cc66128c8

SHA256
bf32014e42c2c96c803658b8772414cf4835e8cc9a7e4efee2e8cfaee1ce1d12

SHA512
0c1e8d267dbf260b8f2e9b163afe01909caf79a7cf6918ab7c9aa173de9b488e83544a5198fbeb14982b7abd5aec3d6e72cba784a150232a553043184116015b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cee71f66582a6307ef5f60bc52c47534

SHA1
832ed509e65601a3af23078b4c5138156ce468c7

SHA256
2ee4ae57a97ed48304b4721c75bc4ba128553c586308a41e3689525385f12aec

SHA512
0af72cdea4e64c87bfb8136bec392c3082dca69b7279d4a4553faadfa8e56157c25e8c7c4819281b16ad4ffa4ba097d110ec45ecac8a4bffd6f48628fd2c48ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe098a323c19d3a6729df56aa5143705

SHA1
87126b99d690cd7eb3d72db3e9e956428319c7dc

SHA256
93f12ab461ee24aa0b84792363b2b68f8c65b6d44cd1936981d4a3d2b17a63d5

SHA512
e6cff76908b51534af41a3f151fc4d586f475453539f1ad26a640869fc05c51ac64af698fa10a72b5b4ad5367ce5c748da338394bcf7bd31e54e02202e03e70f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6323c2585cafbddae286d4ce8a8a8ced

SHA1
32e75736ecea0d86142a1ae3bd528eb97061c299

SHA256
590da6f4149b3e97f8f2646c63fdd5b8cba2db9f8206c7368fc42c9a248e4568

SHA512
1e083861d7fa5f2ca18af82498a9274143974c5b8265cde9b899b1389c515d1c6bb1e6aa2a94953f4b958557a8e6845dc216941c1080688cb2d9e656b764836f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7998dec7904c7f817a1b87ac25bff59f

SHA1
cdf866897e0f6a2a592d1c58f9bded86a7ef9a65

SHA256
a00da8811666897dd3ef98b3bdd813c700536e2b8460b39eff5d67fd38c8021a

SHA512
f66a985b81fc71ad45fac7be834ab92f5ef532539e41790a507e9530f4dbdd3d89b41ecf08cb62f8bf9d4b066f46aa428e50bb7876189cf7f7939fb1a6d4f564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d93425f35c846ca5671d15e3264b5364

SHA1
577e928dec5139cfd6c283af98673f2588d259fe

SHA256
93f207dec495c2e3f66cfd2f4b388fcb873c8f37144e04c4354d37037d68e817

SHA512
e3d255b330e7c1ad6765bedb6168564f868bb9e888dae4a137928b25c1d234569bc87f01795fc66153ff528177084542e582159ae7d545209b7bb5fabf1ad3b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa7de9607727fdfa06f15548be746243

SHA1
b8f2382da9b705b08a917bdd59dfa3c251e5e2b5

SHA256
e8f161567e832137fc69f48cb04655444b6429bb454c7e3021c17d793d459dda

SHA512
022e53ed0631e1c02b2e649402bf1f642e4bd91227bcdfbeba2a088b910a37b903a5e899b575671d3c6e564586ca0b4155ecdb2dc2850897bda00e36b56aed25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca8d82bf20bc9fa4c9f842b7fdd15492

SHA1
dbe2b8c51d5b7f7fb4037646d91f6a54cc63ac71

SHA256
6427a701ca2ab7e66aa4c58e1feca7b4a8caeabf524d23c2ad458939e693aab0

SHA512
6e9771b34a9e6bdd04cbd7f729246ec7fb340bb5c2a92ef08f2de231afe662c4f5b39543eb66379e212a000cc82e5a4ec3e263b29c982a45696dc782ae8ac306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4658a9a6027a58d24d3544c09e20c861

SHA1
d30fb6f6f97394f4bc8b65d57598636ba2b31ba3

SHA256
f1a0bd31c75ef56c07a4ce8ec6fa55b8bf3d3b1fb78018840a19bb7a637ec98b

SHA512
7ec86d75135384df87545326a1ab84ee15590bc437edb35f21de912deb1f907133c4f2bd505498fabe3257695fdcfcc49b30221d7ad7d242f4eb8a80a4916f29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19dc8fddee8b296d12faa81717bfc717

SHA1
01da465a26fa6cece139d84fc703d94567680241

SHA256
2684d8801567ca6fda0ad7991b01563ee4b4c6f1c8c56a7f04c39228f7f33d21

SHA512
fc92b5cbb62eded9debeaa102d24ea550ff78848f76daa383342d14e4f2b01cd66cc7439702f3a49f99b186366fcbd6fab15e3f145de30a793c9cfc7ce6c0880

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d303039c4818212f9c04d91bfde16d8c

SHA1
06846347ad18268b0dc87f6033879775115fd619

SHA256
1ab3959b362599ba07484966616ace757bf459f5eb47f2499ce97b5bd8dd2b46

SHA512
5dc4c07225ae8458b105ac2e70b5aa35bc43d4c6d334dce63ba31407a70dbd9813badcc909354279839d367bd0aa43aa692cce8b970a9b6a901bae1c093fd07d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fb6be0b11c9e0e227134bedd35e8ecc

SHA1
60b38d4491c186b2c31cc989a6fde23f8ba6ea49

SHA256
8a9373f5de292cec0d9ab192544234b1a8d5753710a997e235ea650463b17b4e

SHA512
0566ff6a50a8a8dc1c54d6101cd33da18ef273cc80206448e34803ef659d98a6afc600230522e063c2349d27cb3c1a6a115f16d105f77b234e1d5195071e7219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af7766b45a95ffdb60f9d904b7a82ec4

SHA1
4842d89320c285cf535827167cc646a0cab46c56

SHA256
7c258ec8ebf93593c64cbbc6934644bbc6c9399f76e7c58e1acacabbe744455e

SHA512
d2351e53bc8c675970db4b6ff6fc6aa52fc0815a0cf49e28689dd377a2fd74aeeaa67b3a89a3267d8a95957da74aac7727a366d64f6c9ddbe019d0eac89876d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
964c0cb92b0d4225089677aa0ea2dac0

SHA1
fb6b1911ddc935171fedd2800dd9906f47642b9e

SHA256
136a868c6a306bc2e41c8a21bd0be0c7c743e8fbcb8aa8a3c4f43f710bc0f655

SHA512
1a1b2e658dfcb37fc7b38e48730be061ae8fc70f9c5a041907da4cee38541453e0d1ae1b68bc9fed7015e14c3b55a8ab45f5207fba7dedb27c65e5cbf3d9138d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24d4ec924d64160b380b304f89e0268b

SHA1
b9f0d66ab5d5e5f897bef50a2d461544cdbf9b7f

SHA256
9a38904c7489105beafe4cca7135cfd3793535286f0d99019efabe67b1ce4f59

SHA512
385decff4f8d33a58a5a6038c46ecb4894d25e28b8543d613be402fcfeef6118d0d0b2de085941179c8c96fd3e1a43b04e3c5b5e52125d20bb914bb7370ceae5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de33a99b412542b783d57804f8416618

SHA1
2534afe6ecfcf6470b4b527a52715b4acd6258a5

SHA256
c436ca7004ec3bd733ac30115c00295f1f01f566d398132fd42519f09e9addbb

SHA512
13985f0380579918865bf38b84c351661675ddbde4dca89add716df4f9f60160db789d9f8f305575caa967c93409de94079d2d6811c67ea22838bb041d6592a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55c2e8ea45720d975b7a8c51215f974f

SHA1
aca816177d560a77bf38c2aa62bcbbdbb49ba9c7

SHA256
1efe2c33230024646ac455a71e170e8b694641256dc676b82c5a24625f05a4d1

SHA512
b8ebc42044d45b904313939a978e9d0552d79410ecb198fb82713174666cd9adea99c775f4a28ef16ba028795216ce1f2b214aef22540006bc84e7338d3e230d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
4e518e1fe1704ddc74e7d4184c3de3b2

SHA1
4d9556f2ddac1bc9b1a1ceeee737aca662e5b9c4

SHA256
29292ec76a3b21f5b902c9d0e0a71a9d352bd1261333e98526e368601144f191

SHA512
3e9b7668abb564009c18fc69a3abf1e504185032448e4c8a4d3f0b327ae4b0e84523733dfcec21616317ca770f51df2ac38a839cc57469331b7605cf7405396a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
86a249f1306689eaba6854e089c33880

SHA1
cc6767a86d384951eae6040c2be117141a274cba

SHA256
23eace735f11219c1710b17508508d1d76cca064a0c15037f59a3670c54a19ba

SHA512
c797f6b594985f91ed32eac94e1a1bc15fdbf56f9323e7e173df3659f0c464f150b53660888121b2bc6439796dd23c7bfa75bcf2226b7632ae3c93a5cfc8b3f9

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.14.22.1003_native_7b20fa6be26ac7e708b4fca6c1556a5b.exe

Filesize
900KB

MD5
4611f5bcd1dce6d2d0e0bfafdbc70c84

SHA1
5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128

SHA256
71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

SHA512
a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks\BlueStacksMicroInstaller_5.21.218.1001.log

Filesize
5KB

MD5
fc47a1580ce7ca4bb051e23d738c991c

SHA1
42919ffc3600f29c53777c6974f7b864fdf217a6

SHA256
4f5f78e10e717d262aecacac8faba24daab1b5915875461a0d8bc3374b4591c4

SHA512
fefc5057a75a2f0cf4f6b10df13c7a5dc74c1ca995587a0e05b0eda1f71209ffdbe17d35bdcd685dd4aba9981459346aa6575525a321851158625c67c1ceaee4

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

Filesize
785B

MD5
3d28d16b0f83158d569b4a871cbf1fa2

SHA1
fb564c63635ca35deef13972f7480f2e49fb42f1

SHA256
4c5ba45feea44161c095f9e760ff3e0444da3d3717588bfb31b1ed300404a743

SHA512
4998aa5de9548f8f3885bd158139439b2da83cd4b25b3ad507839218356a5631f43ad7ecef7066b5cc91a7d2103cc1eb52154ab92e69fb5788e6827b598aed90

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

Filesize
1KB

MD5
f10f1ce2a7b8867b216d79a34401bd50

SHA1
4e7f36a6b3cb6c5d264593997855f77e0b210b6a

SHA256
cb4db8b975f7fdfd0bb9ca92564ceb67d85a924186fb8760b037b9ca22fbde71

SHA512
328fbde99b4903a062e6346a94ea7c6ac48649ed2d3b55954d87229c6844bd0f7cf481b61636ea50a3bc1fbaf892b5baaff600ca9b409f11fb37a2baaa32fda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jmgc6we\imagestore.dat

Filesize
19KB

MD5
5ed4098cb381bf96b7f19442793c3925

SHA1
07fc7f6d5b880d93ef6a4b15073e1e8317e3af0d

SHA256
006a27d0c377d05fd8e881a6633076451ab01f82a0abcf2055d53443ed3a11f2

SHA512
5480cc93e4eee44e380d226b987d2c16d3f566bc9a2add82500ccbb005dfb9131a961f2ca440180fdcf3d4e2b8b3f448e2372ffc97ff1ccf739b0b85e8188378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\fb66abb1efeba1f10de790e34a3c0dba42d11dc6[1].png

Filesize
19KB

MD5
5e2fd00ef2d461eec5def4d6f9c6a885

SHA1
fb66abb1efeba1f10de790e34a3c0dba42d11dc6

SHA256
4a61982200d88980e7e6ec657e96bc0a29c77becf512d519be31f27a7e92f7a1

SHA512
c06c0e029c6a359121f4a655bf449e134015c856425c5ff096dcab3a86a5515e4a10aedcdb898ec6537008978842427856b83ada47a225c196dbd4662f6e1b61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
14d758b7df947d3a60a0a727dc7c5332

SHA1
080a2ea247df49e7074e00392a68a8a20fcf215d

SHA256
6281c09b09cac075bc8dafa320d777986c8bb8cef145d3440e4c9a68c7785c0e

SHA512
57b502029b3aec08782c13e4af3a68f026a105cabef6c047b8e8747c5560201d53c40605168e25a786376e08c9f3a0c96649820a025ec37f60f75a8c27fa3c0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
6094b21b182584438f182c9077f9abe0

SHA1
5e973579e3928edeebdeac1bd88a9b0b179a8fe0

SHA256
2f3c5b22c6af9363e2b213a49031521a6ca202cb86deb67e765d8600bf662fbd

SHA512
cb43b824fb59f8b8010cf539fc1be948c298a4f01a528f64d1b10527b233c8c7eb295de309a3321f0151c95106798e07f76ca39948a1651aeafd946565ab6fb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\cache2\doomed\19268

Filesize
7KB

MD5
b1422f56693052fc126de6bd49bdd7f2

SHA1
f1e38e1889aed7dea1f77159fe859df4fc58d6ec

SHA256
cd74127f5402cbe013a292dba8932b2b5df7fbf940186ddf4a13db12a309c2ac

SHA512
1590534dd2bea38db5b5109001a0d763fac426d0dab8903030c9cc8e0ab2207815b941593cba760e9be09ba86ccec1e1f1a2fc9d6466f57b29cf2e42a3c9f3c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\cache2\doomed\26406

Filesize
7KB

MD5
70b5700f9624374948269cdbaab951af

SHA1
70a9f8d442f0daaf6618a6d90cac2c7e63f77768

SHA256
4928e3648a88840599e5d0749e34056915e8a676ea53643618e0576b6f8fdbf4

SHA512
609169764871ccca4b2a913ed5698309383a223d15ba3e47e5c56a39c87d050aa0fadd1641d106e1cbc6a4c2952296bf0e8fb1fafe78b4a8b82c419e6c33817d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS002676AA\Bootstrapper.exe

Filesize
153KB

MD5
84374e0d11c463624448d139f6c17dac

SHA1
2db5057242c766bf53748a9d23b9e0b18e699d1e

SHA256
218cf6acbc7a1a4b9fef00b8dc9660f2452099fbd0a6a459d364e61017cbae59

SHA512
4b258f34250d2374a941a4902ee4b2d9454a8cd9f1b27772a7729f2f72607b4fca28e932d0aa2d36cad527f5b1166e6e32ea087da9df4506ea05c64148fa8d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\Locales\i18n.en-US.txt

Filesize
19KB

MD5
0a041eb21be673b37a9a43f751d83400

SHA1
cf98837aeb730d05ec55252277d2ed41ef58f0ba

SHA256
708132b01a012c3a43a5a7e5550318f6fe72a98139bba7e4f5fb352b9e46db29

SHA512
476051e9cc528c8b72a1ff0aec6f9e05cce4e7069ff4af7e75558664f02a7018304a4d840e694ee811d08895b628da072b1c72b8f605e4212b75a84db66b8b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS896F5417\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\custom_click.png

Filesize
15KB

MD5
ced07c9db242115400e159d9a02bb7b7

SHA1
6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77

SHA256
1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90

SHA512
d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\custom_hover.png

Filesize
15KB

MD5
f3e05f142e742e25a98d4f5af3ae0623

SHA1
88363e81ddef700803f4859d2f3f0b4af516bbf3

SHA256
d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424

SHA512
5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\error_icon.png

Filesize
1KB

MD5
dab2c4538a83422b5deae0e0de9b7a30

SHA1
78c2ab2271aa4020df1e0289bc3c1ba9a43fd424

SHA256
666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89

SHA512
24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\exit_close_hover.png

Filesize
575B

MD5
92c2bf222d6ab81fe7a0c072bf31c107

SHA1
8853eb08a2aa3e99fae6dabb9cff6461704f2a2e

SHA256
bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709

SHA512
6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\installer_minimize_click.png

Filesize
112B

MD5
08fc39a69fa17e0f529915919cea1633

SHA1
2966a3f739698e2ce368585fb7f6ac4eae4497b1

SHA256
2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95

SHA512
f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\installer_minimize_hover.png

Filesize
112B

MD5
18fb6465b029206477d0222e8da6fdf9

SHA1
b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b

SHA256
57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d

SHA512
f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\installer_upgrade_image_bg.jpg

Filesize
19KB

MD5
3bb85d2c8cef28c89a2d07adf931e955

SHA1
596d13e7742455afce8a534382b28cfd2f6aa185

SHA256
b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b

SHA512
7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\minimize_progress_hover.png

Filesize
214B

MD5
fc2a0361a751177d3aacdba9c31b2682

SHA1
0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab

SHA256
1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd

SHA512
a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\setpath_click.png

Filesize
15KB

MD5
624e84e9b49bc150043aa9fb0eed2822

SHA1
f23f2a4ec609e3e9cff9319533e561968ccabb22

SHA256
c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1

SHA512
288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\setpath_hover.png

Filesize
15KB

MD5
b1e53a76b6ddb3ecff52bfc1a8e5b09d

SHA1
012b5879e879fa25bf48e4bb62c35ee829eea571

SHA256
2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0

SHA512
4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.ar-EG.txt

Filesize
24KB

MD5
2cbe2f0936384cc7729ca9b15e869955

SHA1
cbd351ef412b7fb52e2ac582f4eb58944020ee33

SHA256
057074129e8f390aa07851d6eb59e892440e7994c4c6f3b78618e7fb6f07ca92

SHA512
fb9e0fe5b138df8e36f334bcf7e4cc7c024d2d8828b63486c3ac19c8279e0e9e09d82d391b536eac0e52160992dc6bc3672523b5edb2cb63d7a96e4128b48b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.de-DE.txt

Filesize
20KB

MD5
995c4504c8e8e71b372e6d9b64b070f3

SHA1
9ff5eaec585c416446c3f7ad7f3985f42cdf6226

SHA256
c28bcb07bdf32e5221ce919354cab0349891dfcbb87540f241fb3f58cf9028b7

SHA512
f1fc68f8bcf923f4f682eb30ea980e6da36355eff9a8ad7eb93d558d96e831b19dbf167b2e6d2287c6532c2b2c5591c66191d1005ebb0d56eb1647904b804066

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.en-US.txt

Filesize
18KB

MD5
bc0bfbf0fa8b40c2f72957c2f57afb8f

SHA1
644765340a713413e159ff57f0098501ca8304f4

SHA256
819b673bc98a9aefa9e480b3df2a5f9558033fce38c2a2f5be08d10b9a859e28

SHA512
6e7e88ac28190011c1e1e2a78517e3bb858e35ac90f125882c64bfa26d5a6f7ee6718c558b9446f3aeead0a8fc53c825fca66ad2f6d82819ede19b88ff658e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.es-ES.txt

Filesize
20KB

MD5
67f8aef2c5208468ce113a47edfedb4c

SHA1
4d482c81f65dc7c7b23a6dd2cdaec0eb7fee69fa

SHA256
341df1d9ce68b161f1728bd466dd9da64d4723530f3bc0f7fa66a3dba3825917

SHA512
e3bd1e8b69fc28a257e9024bc0b783f161c6574e5f9aab9737c02a2c4b1ebca59cc761ecc9ef3c08e62a1f325072164899ae9c984f37bf385e05fc011255857d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.fr-FR.txt

Filesize
21KB

MD5
3ba087f6afff180795610e8ac5bb5aaa

SHA1
f2d5c5f10694e51fed09d5b3a0397561beb331f9

SHA256
d2d2f4d6e554132fa86d0bfa0ac1892f10f53f30638599b17979cadb5d011f4c

SHA512
f9bbce232b486b51352f6c0386e515f0824b0b0ba56400e3f804f322b0a7e90e73b6917044bb8e0eb37509a0b4bdc1d37deeebae43547b9d8f35d2f34d5f55e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.ja-JP.txt

Filesize
23KB

MD5
6977d12f436990c3f655c22bb44566af

SHA1
d0a04169354ab49104bc123e90494115dbd1539b

SHA256
c7b19642434a9e918003564b30cfbee5c0710463a74cb7fa86f9da2334d6d38c

SHA512
ff9ee652a79379cbdd7b2974fb6f61f4efaf2b73a79b28bf86b34288c42ccc343039110f5abd2c50ebe13f080e6f5eeb9196ba7eae3c61a782f6971d914a996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.ko-KR.txt

Filesize
20KB

MD5
f13198caa789feab1906e69736d1bf8e

SHA1
6087394d95723256c9eaa084cbbd03b800b8a7ad

SHA256
0a9b0ecd030084ad3f48791e991a9dc4d6bd78c1245db75ff7e48f33f8578986

SHA512
3b8e4f9b9395a2b512fa460845a5f4546971a31e1203d81c078955b5361888ad70176f143f50c9b963b0b4370c66ddfff3a7dbedb0a0d47ad881f8a6af44d2d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.pl-PL.txt

Filesize
19KB

MD5
54f8558a0112610cc516958482672cf7

SHA1
3422b440364816c7e96d7f598e03df90b8ab74a3

SHA256
783d0131154663e7fa6b069b5ad5d3a86d94f4e97b5a58b88f71a1912bb9eae4

SHA512
23507a21e88574980f6de8905dcf6099346c5160356889675b318c575ceed9274d65574d882ae32936958f9f4810556a650467069e52a978efb03dd208ea2b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.ru-RU.txt

Filesize
27KB

MD5
5e617de676c07bb3ab766d5678df38a4

SHA1
cf69fc6e6c0b6d3a9a6bb6934b18752cb722b14f

SHA256
f07976072e28b0fbbf9bfbabe60f843874d2f72cb9ac76bf2980c1a8208a3793

SHA512
997178e8d5850b929d3f870036000021c17c3b28d73991dda7e0408b32186e328c08b1eff4ff76bc9d8567c07a1be0defd44fe0ab925d561a5c3b95386051009

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.th-TH.txt

Filesize
32KB

MD5
c964784c1444bc7e9488acdec13990bc

SHA1
9ca7ac8a620fdb37aaf21fea1df37e388dab6eb1

SHA256
889ee3e31b027985b05bfd356470baf62a221617f37bdce444f2b60f7bb1f91e

SHA512
903f4554e0b2f602186837f39158a52bbb035d085cad49c03b8614219e22469eb63e9390e101c3312bcdca0751134accd37e0ed71d3db8eac096dff5a2b9e3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9E57588\Locales\i18n.tr-TR.txt

Filesize
19KB

MD5
2b5f2c757a4d42de2f98e31139b676b2

SHA1
cd40cc682b112f60c6dd460596cffb3b994bd882

SHA256
598ab5abf69d1de2c04e6e7fa807606f4a2924f966fa0c373fef99a474244487

SHA512
2055d884d2e39962801f1c69f997d58d6db5fe01784cb1202cbe72973a48f8bfc399642fd46d28dda9d56ef5558aab32b341d79ff7d0920af7f4769ffd986d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab23B8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23EA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz389E.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz389E.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz389E.tmp\nsDui.dll

Filesize
3.0MB

MD5
c40a4e327c43f7f51a20c38b1bae840f

SHA1
0f56fe0a357a71ef32cb138258366f743f8fc398

SHA256
ef94f69593fd376e52a46934629b634a6365590b7102cd45a2dfe45533139060

SHA512
f379dc79899744160f21d6c8f11341b2251e58c09dd510b035cf08ce8bfcd38e290b96af3baa656ec85be8753dca7e32d3b95098ced1cfb481142d454b178565

Download Submit
C:\Users\Admin\AppData\Local\Temp\uyvjxnub.20h\BlueStacks-Installer_5.14.22.1003.log

Filesize
89KB

MD5
b2493a0e343f18de878353f6b2e8cd2f

SHA1
8bd5b6b6ead3d3046085847ab81c414da7c2c5ce

SHA256
e8f7c94c995f8ec9f05745cd6de4cf517574c10db8603fff3058bc87d748b606

SHA512
b0ebc4b46b0184c41242c3265c15e5e293d794b81e337c2d0016611d56193a0f65965651e5d090b29062e135146a10680707d995a464bc2a788fef14b778f9b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
24f64b13187584cda46fe91a8913575e

SHA1
eb6edc6c56af4f1a2dd8abf36b290ac3ced0ecb6

SHA256
420f9fa20a5a9fd238f3cb0ce319d50db09ffc5058a831d5016006d8ecad6a71

SHA512
bf702a903773f50c31ee1232bb0ccdab61f3bd8ba053069d5afcf92efb1fde08e1a1edf40196e578a60c27da13f46ab1533d8555314f9f6d4be0022518875b84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\pending_pings\03ee0b85-d801-4d49-8473-8b052e9d5743

Filesize
3KB

MD5
a9e1f1efb9425cc4748fb07f9f72da94

SHA1
d9d28b1d3a6d0d1989165d32ba979cc1511ea900

SHA256
3d7afeaa2a696ee7c3f8306729ec0cede08fe1523aac80a49e85cbda936032af

SHA512
f26f205191e84c64fc64b5e72edecd265aec9b1c2de2d20be4f1b4344eb29a1298195c2fee643904e6952cea982353a92aa8d6e6b6d062762ad0f80cf279ed3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\pending_pings\920e17f3-80c7-46cc-bd61-d7c2814ea956

Filesize
745B

MD5
2cc3aee3949328d949807b030f8a1831

SHA1
223b2715d795a8f0cc56ad65fdb3a7da3068b321

SHA256
29a0e171ba18ee39a75ea3ed552dacb07603195be5a18d764eeb7f81bc47130b

SHA512
101f51e59b7694a1143aa980f8ae52b3881bb3ce34a7ee0179b585bbb921231095336944cf8b8c3a582d281904aac1cdbca555b45f28090349627a91fa0cb6d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js

Filesize
6KB

MD5
8c1074a5556518cd08505e2895b18a42

SHA1
3a7fd0f92c1f1aed341a773f4a4737c9fef3dbfb

SHA256
527fd72b4b13ea3e8a9c7f689e73a798269580e25147236679949d1819ca355a

SHA512
6ff67e3801acffa716510d5014281892d985f9cefd720253388456de13e01a3deb701246f7a558d07902eafc018dbf2be161bc5d94d3b0e34c5df11fe4d51e72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js

Filesize
6KB

MD5
ec668183a3b874cba9174e9f73604a1d

SHA1
fbf1f5d282222e82c65aed5f74e00f096dc805ff

SHA256
8dec6a5cd44d48f3aa0248144ca17fe0d7b4e945f656f748fb87ae5bc983e586

SHA512
2a741dad481224d0a25debd985715424915de569375f4b713590be9dbe01358bcc923566338d69107229afc248d2749f42bb404e0d6fd07c7a99a0fdb908cafb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js

Filesize
6KB

MD5
50391d6d894cc4e0dbc007d67d41ed73

SHA1
e8e28b74af2e1e4ba871bbed03537aa54aaad285

SHA256
ff38a91f8727eb6d24c62aa4dbd136dd8f7a3122e5e1afe60e3a17ef1c45321e

SHA512
81fe2b917039c4591647e25f71e65e1f587adf851444c5be379b77bfb28ec5fcc65c357df2c55c315b834b175edbd7a991243791f67eb567075efcd83adcb559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
e069bd505d8d486428fe4ddb5ddcb904

SHA1
75db5de716bb4dde6c933d673dddfcf9dd3bdb1a

SHA256
79ef3c7efcab134dc0fd9811970bb90a6afb7ebbc03397d5ba76987f821b08f0

SHA512
4ce318de8a936a6f6c5c6c139d4331d690b21af7e0f905caaf84e3418483186658172cf3255e05ed4d34a1c2639c1521fa36435ab05072a550549112f7a25024

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
a75e628238a1acbc5a9bfb18cd948753

SHA1
1e3b3940babe8023c027a881311c119f3d75ac32

SHA256
4b64765e5aeb0796cdb527ee12692cca7aac783201f2a8332519846272eae4d2

SHA512
228bc48824b53697dbe9f91c74850795cac048660bf9965d0e939399af6b32adc47f4af75bccb7e6a9b355a366cab302a27da714fde79f78a0becd1ed7405a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore.jsonlz4

Filesize
11KB

MD5
00457d3d3900d991e42be0f2b2161150

SHA1
11bca68eed161a5a043b3d8c1a0af9f06c624bbe

SHA256
181577f129cf53135e031b8f8db58776d7f58f272603104c46020d065e6fa381

SHA512
83bc39fd3702da2d9b97822e93e9a2d97b1c06f97afc2ddd1c2101479f91152822d68d06adfff371f90b0849de13de1768e94ef40eb455f077c291604d74dd18

Download Submit
C:\Users\Admin\Downloads\BlueStacks10Installer_10.CJCeGg76.41.218.1001_native_7b20fa6be26ac7e708b4fca6c1556a5b_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe.part

Filesize
911KB

MD5
05cd50890a8efa95d686384d2d96c530

SHA1
ad496d950142315aa8662edb002549e84d3de424

SHA256
6d996f70f6b9f99e4ae0aad1f28d224c84c22194551ca4e21f56127eb563faea

SHA512
6dc050e3c6577299ba4bcc306d1866ddea3eb2499f75f1de96e435d03f03b0ccf4021602be0eb6c816d7a0e81ce29590de247a084d67e88a64fa6ced4043bcf3

Download Submit
\Users\Admin\AppData\Local\Temp\7zS896F5417\BlueStacksInstaller.exe

Filesize
623KB

MD5
f51cd98b34ad6b81081e1a017f5c45bc

SHA1
e734d4f3d81d517b2a2eafaf20310bc94a419207

SHA256
02ca17eaa0f8eec7e7d321756fd73bb8292f2de7f3585d567ecf6f56b4f037f6

SHA512
1b87f6b7c0ac1825a3bd76bebda7e90ebc8293b889a3f39a4513ce04800fcd516e5d8597db379275ed324afb5c7f868afb31d1c965922b434de6968c94c47184

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC9E57588\BlueStacksInstaller.exe

Filesize
607KB

MD5
1744edd4e585a5efbd49ad0593810af1

SHA1
57dbda1bac0b48803933da6940c3b88376774c69

SHA256
3b136c884fb6e21acfcca33538f9b2e472f0eb83ae9a5a128cb1d5a6098b7f31

SHA512
f7690f5cbb08f2b7f801aecb24c826dee1fc08cd9d324b54359ab258be92577e72dcbab146bc4f55ab58dee0a01ff32070ef0f4a58385ba928f3f01bfe15d018

Download Submit
memory/2080-131-0x00000000010F0000-0x0000000001158000-memory.dmp

Filesize
416KB

Download
memory/2080-922-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2080-191-0x00000000007A0000-0x00000000007AA000-memory.dmp

Filesize
40KB

Download
memory/2080-810-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

Filesize
4KB

Download
memory/2080-127-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

Filesize
4KB

Download
memory/2080-812-0x00000000007A0000-0x00000000007AA000-memory.dmp

Filesize
40KB

Download
memory/2080-129-0x0000000001170000-0x000000000120E000-memory.dmp

Filesize
632KB

Download
memory/2080-811-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2080-192-0x00000000007A0000-0x00000000007AA000-memory.dmp

Filesize
40KB

Download
memory/2080-132-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/3196-5408-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/3196-5407-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/3196-5346-0x0000000000E30000-0x0000000000ECE000-memory.dmp

Filesize
632KB

Download
memory/3196-6302-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/3196-5349-0x0000000000B80000-0x0000000000BE8000-memory.dmp

Filesize
416KB

Download
memory/3504-6109-0x000000001AA50000-0x000000001AAB8000-memory.dmp

Filesize
416KB

Download
memory/3504-7175-0x0000000000C80000-0x0000000000C8A000-memory.dmp

Filesize
40KB

Download
memory/3504-6216-0x0000000000C80000-0x0000000000C8A000-memory.dmp

Filesize
40KB

Download
memory/3504-6097-0x00000000012E0000-0x000000000137A000-memory.dmp

Filesize
616KB

Download
memory/3504-6215-0x0000000000C80000-0x0000000000C8A000-memory.dmp

Filesize
40KB

Download
memory/4788-17795-0x0000000002040000-0x0000000002124000-memory.dmp

Filesize
912KB

Download
memory/4788-17794-0x0000000000280000-0x00000000002A8000-memory.dmp

Filesize
160KB

Download
memory/7720-17805-0x00000000008E0000-0x0000000000934000-memory.dmp

Filesize
336KB

Download
memory/7720-17806-0x0000000002230000-0x00000000022B0000-memory.dmp

Filesize
512KB

Download
memory/7720-17920-0x00000000008B0000-0x00000000008BA000-memory.dmp

Filesize
40KB

Download
memory/7720-18447-0x00000000008B0000-0x00000000008BA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads