ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe
Size

1.1MB
MD5

98341684249edae864b1ed61c1b0fd7c
SHA1

788c46a8814f5f39e56aa408711179bab5be398f
SHA256

ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7
SHA512

1c7695754dfa5ebe0a06023ba4795571e68cd02ffa30c2648633aec468dc4aacef59b281e10fe86401d0eeca4d36f64a3e32cdb697afa6e780c6ddb8eb588f58
SSDEEP

24576:HivtCX8jrlikZ3NzhXV0Oy5zCsP2/KzFazfA4hUlIiKPQk/sy:CtCX8nl9XxV07zCukz4BwUy

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2444	BlueStacksInstaller.exe
400	HD-CheckCpu.exe
1384	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe
3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe
3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe
3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2444	BlueStacksInstaller.exe
2444	BlueStacksInstaller.exe
2444	BlueStacksInstaller.exe
2444	BlueStacksInstaller.exe
2444	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2444	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2444	3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe	30
PID 3016 wrote to memory of 2444	3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe	30
PID 3016 wrote to memory of 2444	3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe	30
PID 3016 wrote to memory of 2444	3016	ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe	30
PID 2444 wrote to memory of 400	2444	BlueStacksInstaller.exe	31
PID 2444 wrote to memory of 400	2444	BlueStacksInstaller.exe	31
PID 2444 wrote to memory of 400	2444	BlueStacksInstaller.exe	31
PID 2444 wrote to memory of 400	2444	BlueStacksInstaller.exe	31
PID 2444 wrote to memory of 1384	2444	BlueStacksInstaller.exe	33
PID 2444 wrote to memory of 1384	2444	BlueStacksInstaller.exe	33
PID 2444 wrote to memory of 1384	2444	BlueStacksInstaller.exe	33
PID 2444 wrote to memory of 1384	2444	BlueStacksInstaller.exe	33

C:\Users\Admin\AppData\Local\Temp\ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe
"C:\Users\Admin\AppData\Local\Temp\ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:400
- - C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65cbf155606623e55565e9693d2a8dbb

SHA1
ce4f14b6bbd291d9c8fe392fadb1d22ce41d8a89

SHA256
ba01e27cac580601b1a6d5b411389b1aebd45d0b179c23eb86f5442810fdfc76

SHA512
305faadc2d30d7cf7c4a294433cbd425535cf61d491d04ff52e4afadb990b824171ef23e1a0a8807eb911c76f4f3e7ebe285ea9a094d920bdde9bae05d5d0d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b746e6fd46cc312db21204d257839ca

SHA1
b54fa2427e9d968c3fecc28440059f21956db75c

SHA256
e1d2575d30921d83340d9a5548f31605b242a52bc0be49a2efa86059c91e97d5

SHA512
92fbfa2a399a7742f3f150fe8fb402b7ff68718299e2e139431bb8d8cdb73c1e18897bc817083bf5fd0910064218b05f42e536f6cd6e73e38e350729ccf119fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6363316753bd7e84e9088340f9d3cc9a

SHA1
af950c029b6bbfdd35ee5d755a40ccfdecb10493

SHA256
ebe933ef1519f1a0ffaf8a48d39135910c9b200ac35c62bcac36a9954e308666

SHA512
0df769348ad964d7023b7c94e18c23b72f0e572ac3bb798cc2c92645d8d938c8ee3a4bb75afc2df9913dd1eaa7d03212105dca4e6c392c2fe8df95a5302146d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da66b241e31f87b5f88f0cb906321b71

SHA1
4a41600cd1ef4539e28abd93148131e956a0b1ed

SHA256
91264a75276f43617d2f7b04a4e4b68271b3fd0fede29f73c201d641a48b7164

SHA512
a69083963d496e627bb782d9ab2602ce2bd1774fc7f6cc61a1c13685494f9ebfbfdea7d8b247b2ce7ff14a530360c309f0a8c03f8d5053922a2acc23550bcae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ff2f36097eecbf883a520fc2dbd6324

SHA1
d387733f54644f7a85c75051d01ee2e6ddc15f67

SHA256
f2cde29e29b48e00eea89de96f04982dce9a7c897c48072eccdc86cc165490c6

SHA512
38c45f7db7c3e7d308b2082abcbb8bedd915b16dcf343e7b5bb918fa53d0f0f0801f24d91e7bb583dab03a233557f916b414bffea4b836a946e49986af44e514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb11e8d8bc158f35f19c06d5fe6c5c33

SHA1
9cab12e3235c5b107640cc9e3bf257eb09b50f66

SHA256
5b0b5c0ef08f826a07ce21be10c0dd2782842513b6b79ecbdf55bb09e2b0f797

SHA512
fcc382e6b5197a5c1f0254040298cc9fc6ecd0d5874d3324b9b9191ce0db882253309667ee02ca84f74a6b5be08530604b8e88ab82a1f967c6e887c42d013c85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a05624bba817062369e5976a27297a3

SHA1
8a5d160e455549e2ac496a48987b0d97a6796468

SHA256
e97e781b88a5c0036e74975641890d0021ffa3a0bfc908132a83a1c01c4ef1a9

SHA512
b5bf58a5254845e7b5694b14e372a2f4945189500c5dd30496e3edd8cc8bab7308694033fafa302acc6a69018066f7c3209464b3d4930990b58d81a8bcea93b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c09bf93bf1f494a14f4bdd7464f7c34d

SHA1
a346f31b8ec5c3be3901c68127f93705b3d30eda

SHA256
c396b5d52cb0620993e4bc3d21372346a75a7f566f27d6ecef48e747c6186b77

SHA512
0481c5c7bf067ecf5b365e769301df4a8d5f46b1d4207064d745d0de0fd121fbeb4f7091cd2ce2968d508e75ddf981e1561e0dbc3b7d8e057592572a00a72798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf811810315145f7ca5761310a95f9cd

SHA1
78eaf8195de866e6c9c8ef1a0e137bc674893bf6

SHA256
58cb48ddf47cdbf482462ff0ddcdb750e96ba01683ffb5c3a77094985bb2b01e

SHA512
d057d69ce31f638e92bed8c973b2268e9731491cafae4035ccc36a2796b05782f9d522aee831126cfc515df45abe69e6f97ce8f44bd316ae046e65796393f8bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5013118cf5c1e22d84d95d4a35cdb048

SHA1
f1ee227c904e96def2bbb00394651e58f24e5dac

SHA256
96f786d33674c4d67cbb7fab0ea07337eae5f69273999c5d02a5771dc4f6ae64

SHA512
c0d7ffb55db48a38dbb65099de1616d1241413fd1c7851664c0afebd6f9beae2858168967a58c3a9b0df1ba912d117e090e7ac58945355a2435c962d7f79d12a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce1feb9a2bd9e721d9031ce9a3dae041

SHA1
09c5996b5975db178413abfb91c725055d53183a

SHA256
bdb10c25564199264aa056eb6fbd3f7af97b254a64f0d47dfc016fdf8e50c30c

SHA512
7c99db3836a6f139f611b2bbf33e234f4f60da64934bee895eeb32e6869d4d776d0ef6490e9cf0de80c4b7dad32dcd929e6cdd3e6f85979f7298b90c9401a79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62ad8efe8bdf77522eba065b507b5e17

SHA1
05d4a0a5e89a40736064530ea2e98ebcafedd0e9

SHA256
c6ea199678003d88fb0f934b9dc775cdf50066040fc881e1b09066a50ff6c74d

SHA512
8b61111a89e990c3764cb602cd03747e172314eaee327c9a47d7fd27a296039974f1c8d409c626600a90c12f111cf4a78c661d516ffbf759d70973344e634249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c3163860b6cdbae18cc1f9205f6eaa3

SHA1
f4b511741c39494a2966e4eb5da189a4257d41a9

SHA256
62b2ddcbb887bd129d86dd92185980ee17de7ec2d16db088b0277906517cee84

SHA512
153fb66265146594d08438025f2f57c52319caf6ff2243aa55521748a6475264b25adaa2df54dfea2e6923884267ccaec3e0b837d738fe7130d3bbecb327f0e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31d642322f1ae810a321fde4e77b374c

SHA1
95c1ac013b68254911e2782b9b822009e1f0d2eb

SHA256
1a1f497d97dafb4a5c0b50a5fa7e10fb92afb8016b3725f1c569b3acbaa1f722

SHA512
026f5b13576c1b62c79a4ee30185cccc5bd995482160c9fcfeda28f19fa0c35d5f09737b26021abea098f9d0067ed105768177bcc2132117878ebf3d93768461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e78561afd5d2a9ee42e31f4f685d2c2

SHA1
489e5dcf8221fd14ef9fe6209c4a8713a7c4edd1

SHA256
add7890e8b13d79bac3172d5b5fa890f27d0f19f13ab425100cd020c4914f521

SHA512
88791656076c2216d73e106322f588d6e720a1eb6df5bd730379b161c67cfa05a83899de8224a7d10e79ae68dc61fb1ee371fbe912da61a8aa052fa5a19376c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
442f0db2ab9075576708a142b7406468

SHA1
e59e92912ffa18b187bbbbf15a4bb79d44e59652

SHA256
0802270ce157f06191f159c7c618c211f049b59f7fa8f60e68aeae2ef89e4d9b

SHA512
10a43ab7192f840e3ff128a107b1f4e6d5409842c08c1848bb5f642bb61e8b3f2002d35f82e66b3d20f803c15355d242b7ad619043bfc268ec8ad6cdf5b33112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdec847a2f8658b2a691b91d1de28a17

SHA1
cf964e21b3d2be15e6fecb3fb92f4b95a2d7a21a

SHA256
74b3cf3f325637be2feb60613d24971d426737a8bdcd02d1a32bdb9957265858

SHA512
4816a0bf1bf8f87397d61894cd8bdffd1c483f8d0093a87871d492a6d04b6321bc9aa4624f4609c8e0bf444f010b19da80efbca3939f6102b5afa3d167931504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f3bf0a6e608d85792a8817f48066ce1

SHA1
b4f44f73f1db577c14bee54981a8a74095243471

SHA256
89ca518fc371442fcd3988977fbec182e3c82e8a84c54aa49e81af058874bbde

SHA512
2eada3fb4540fb7c6e6854193c4ea025c4d4eed0de27293d4c40d35a9eed62b305a755a494a4137c9aa261e7397516c10ca09c033633b6bc296e5a297e296be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a27c0c43fed8eece19eb532f0db0f046

SHA1
be0b0a41d960e6287310c872f7979508d3fa63f6

SHA256
8e970476e168d877d77af6543cb58647bb6be80aed723f46e12ff7fc8c13c95f

SHA512
e3e9dd0e10c87415059a6d612d869fd7983b44e32ba7968d7f03d14903643798f8e4c99d1d44c937c355d049989f8da9d681761b91eaf78b106ca61c1e709b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
501065b056416c90ad4285ebbf447328

SHA1
5fce27664fc2e8ac5fa28d94831a3d6113c868df

SHA256
27d27eaac8a3ea183ccf78deafc4a375e537b8cb16413af0e40788aa17a50226

SHA512
954df6617e5cc5fa5b936065073c98ed1905a2238cdb371c4d0458f1389367347b7acdb4d1e495e51746486444ecc0c85b509bd3d1e01ea7975bff6b2939da84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
382cdd3d2a39f9b94090a7e89e1bfba0

SHA1
db7efa555a224a9930cf51d006b80029235e057c

SHA256
fd83dcdd0a1aeec9c897fec9dc594f7fa5236a4dc561f88bc91854727474f176

SHA512
3d85202acf77b2848160c61c9446576cbc8eaed4bf99918808cb262a16e7110eeb4947e24f24c3691e4ca866795adcc04ffd8b83d30c02621e4994e1d254b3f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5898fea9c8100fce0857034a3efdb9ee

SHA1
36253bea39cfb91d3f049a3fa80a05207799e47f

SHA256
c1fc1bc9388374209d9d3b82d88334bb231fbe2c5cee3e6fa97df68bc0a25e32

SHA512
16a06d4e8641803e40a7a342f0b4ef2dd2d8e1fdb1380bcbbe532cc706c1dfad6119bb0ddaea08763a844ce7daac6c5eddb8177d8141fd54191c3380fb064b6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaf64d0250d02d71389c325047ef6698

SHA1
029d2b16dc0de616942fa56e9ee3c7e8dcd7e150

SHA256
b5f752978dfba7a2839a6a8ceef2f2cdea68f6b17ed7e7062f8f4157e1fe3f3a

SHA512
95786b52b705e055574159973d61c84db19bbdf689703f4cce749b19d33ca53eced43cc05212d8fc62544dea3611c4dd450cbae139062b9ec007a1692b97b6ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
842b39eccb6c2cfb611c2e235ba7d0f3

SHA1
8cf5555151970734defd4e045601b76745079339

SHA256
262f482826f8d64cc6a9465bfa4213bc574e8777e8485c5bf02da9cd83ae1cb6

SHA512
c778d533d05d8756a47cc33bb07e7ebb38291d2d8073b2699ed4799697f706d279c3bc630d6058f921bab4cab3d0d47e202d8a5d0ee6231e8e57c955c40d4faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\backicon.png

Filesize
778B

MD5
bb32b6c0cb2fd3b9329f0813e1b4239d

SHA1
241b75e5e21aa3e7a6aae5066de65d65db49651f

SHA256
77533707194f691af85e6c990d852b949c09018378c8f9d87763b54b1c118f67

SHA512
e3aa89c3ba19f4d0a26fc6f3fd725c5201f3609b7e3f91bd8fa1fe95aa8cfdac5d684893ccac3e81b290ad241c048264d12bb1c6aa4b9646e604879b54bb9d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\checked_gray.png

Filesize
659B

MD5
f5273eda49f641257ccb5fc5235cee80

SHA1
ac2f52d7a0b34facc5cebf4745fb72e15c0e5c8d

SHA256
fc88b72393b58799ad747a988b76c1b9d8ce3dbaedfd0463e74d6a33be0878b6

SHA512
95457d926dbb7dbcd7c5b30fe6ec45634ab7c0f3dbd5820c8956d21d33a0f5feddc36e0d52d40abbb8b0ba07c005e4594dd56dab1cb278ee3104ec14d8ca921f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\close_red.png

Filesize
1KB

MD5
3759fdf92c29556e5740a6282507e1f9

SHA1
23960cb0edd610083edd8f817c03add5e883453d

SHA256
8cd75e91be69cf7cc6e6979c14b394a11fe683be7b62d5163da1073bb568b7d9

SHA512
d0773ead77552514a2cd7fd7e55abe730579b4fab24981eb976ac43a821fc5a06ae02626e48dff83a58acb37db23d5527444faf5d4b7cb2fc78df33b065b80d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\custom.png

Filesize
580B

MD5
07c7f00c7498d32e8045c1a0eda0727d

SHA1
bebf52df35cf5a95dd6ff5da778b83c5eafeb052

SHA256
8eaab641d186f93f50d2d2bbae6ac5b3c937ca30665bf916321a35c83253eca3

SHA512
142752b1ab40a23f654293a15e075321020322fc0f19efdab93e69716cc0ff5dc2148a83f7db149b7dcd8c30b7f542c0f89ac52bd50470e756b07b00ec78f5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\installer_bg.jpg

Filesize
353KB

MD5
49875ca1499a58b4ca9abda4d34adea5

SHA1
091155113dd5cf955211fd7a932ecba32f8bf136

SHA256
15bde105d61a562560d354614e0254dc4259000d8f610b32be8a965bf26829ca

SHA512
08cf0ce98b4c31f5879789f9458f14526fa3483096efd5feeca0f9b477456d80eb542a1e2f5823593e6d7d4d9d106bae0a7a7f096bacb638ee6fcfc67e13623a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\installer_logo.png

Filesize
19KB

MD5
7ad11e07d8f30571debb2a69f77833c2

SHA1
6351d8968889c6a636abafa2a989b788fd477822

SHA256
fe59d96de7342bcbfea62564e92d8e27530fc52c16399399be5f1d6c45340246

SHA512
7bc37d326a0d0fcf80231b2e69f3491f7ea8a714fa70b91d5606f9a03054b2c9113b4caf5bb5c980f53c5c73a769a11d1634660cd7c1e1e213124d6b55b2fbc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\installer_minimize.png

Filesize
157B

MD5
857bcef475b0d4c1d669bf47a143e85e

SHA1
072746be2f79c9571ec9b7e3b702a8cdef5a2b66

SHA256
8e6e37b79756bfebb943d51d3571926fe4992748c4a673bbb6d78b22e87bc7f6

SHA512
b7e236edefe3f4aceefd912f2b6cfcecee034125ff082d3bac5fdf6db57c89dc2dfb4a96897529aed8834a423529680cc0ba1c94d497eb8d9c4f450ff70cf79c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\setpath.png

Filesize
355B

MD5
f4c65de79fb292fd6104eb1a160ca09b

SHA1
52173df03e93433d88b50ebcd7d3bdbc32bd4165

SHA256
9ea14db4e8d39be52c9b55a39119d5f95dc331a0559d38de44fd8e72e8677718

SHA512
db4bca2ed5582efe9ca27ec67bff59ed2a66c471dc4e4247818e3b79838b57a00cd69d92b709c3a7e0628d7c9e9508335aff877279d30741de18226f0626dced

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Assets\unchecked_gray.png

Filesize
321B

MD5
8b3031b63549708b7ef422da8dfc42a5

SHA1
46407a76af6ac9887a15bd682533922c4b2d09da

SHA256
8355a9b447991ed53c3e1c768f397b622f9535faadb26913e4f2298cc3621c5c

SHA512
97b2fe161483b90abafc0bff3e4839f357aa3c0765b1d5d54e5210fcd9d543480eb4ff3671f2706def344ccc83548fe8d064b9ba1bb15abae9e718b87b91298d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\Locales\i18n.en-US.txt

Filesize
18KB

MD5
2e67781c074a702af42f2c2259a9e94d

SHA1
c40ec186835abd9e8cd1976b0005e57e17c672f2

SHA256
858f09be7e462198c0e77b2b84de544158789f53eff200be78eab70a6acadd1a

SHA512
4adbf7cb6f1621ed1d3904beaad55eb5229475c9007c7ba41720d9dcc9b3f63c849b9a5cd9aaf86c5a063693b80c1b39fdf41eb2b026f35cd15a5d92d5ce843a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\ThemeFile

Filesize
79KB

MD5
51e4b1a661b3e96697b54899cb2317de

SHA1
1cacf6e055023cd2cd7100e2537a6d2dee7d9a84

SHA256
87bbd881c9603d6032564b787a85a1c040fc1a2c216f25a1b0b62e26fedcdf69

SHA512
55dbe855478a32ba78f15b0611847f609279fe262a7940c024a09378d58e1b84397038847aad03cd113ab5d1e4026fb323fb07d3024e0470f40eefa18949e7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab13F0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1431.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8CB7C3D6\BlueStacksInstaller.exe

Filesize
599KB

MD5
bb2236d5046a01067d4be45e5a188900

SHA1
da71f9f9b3d6b5eb3bc63a43bb21d6ca6aa94846

SHA256
b1c4692a370d1871a77d4308d2c65f5507168caf0508e14d9b12bea218f4ba84

SHA512
7cf34504b82248275049e272e1afaa5f47d3981f656d7cb9e4791f63823b2dceeadee9f51ada834e7f41467195b93fbc05747067e9786b921787c8fb5c621b90

Download Submit
memory/2444-122-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download
memory/2444-1185-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download
memory/2444-121-0x000000001A7B0000-0x000000001A818000-memory.dmp

Filesize
416KB

Download
memory/2444-1121-0x000007FEF5B83000-0x000007FEF5B84000-memory.dmp

Filesize
4KB

Download
memory/2444-182-0x000000001A820000-0x000000001A82A000-memory.dmp

Filesize
40KB

Download
memory/2444-119-0x00000000008D0000-0x000000000096A000-memory.dmp

Filesize
616KB

Download
memory/2444-117-0x000007FEF5B83000-0x000007FEF5B84000-memory.dmp

Filesize
4KB

Download
memory/2444-181-0x000000001A820000-0x000000001A82A000-memory.dmp

Filesize
40KB

Download
memory/2444-1401-0x000000001A820000-0x000000001A82A000-memory.dmp

Filesize
40KB

Download