d5f4a1ee1638cc486dfdbf69f83e3459b37f26f5bdb046bd6b090147dec0d873

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe
Size

912KB
MD5

1e04e52e6350fccae205836ceb331f38
SHA1

15cb90096c3e0fbacb2ff1cab022bb385ea59eef
SHA256

d5f4a1ee1638cc486dfdbf69f83e3459b37f26f5bdb046bd6b090147dec0d873
SHA512

a49b47684be14d467dbbe65f2f7ff7ba93ee0af6d302050c186cad786dfdabbd39e97c11565e065b2463fa58cd430b695244cc2d05ff2e4e891a888423875cd2
SSDEEP

12288:WivtCXQd0gjKX7zuqGKY5Ha3z1cNoaMt7bi7xgjL4kKaCHZMptFiquFhIK75cZm:WivtCXWeGKY8f7bi7qLERHSPuFqecZm

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2292	BlueStacksInstaller.exe
1956	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe
2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe
2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe
2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2292	BlueStacksInstaller.exe
2292	BlueStacksInstaller.exe
2292	BlueStacksInstaller.exe
2292	BlueStacksInstaller.exe
2292	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2292	2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe	30
PID 2420 wrote to memory of 2292	2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe	30
PID 2420 wrote to memory of 2292	2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe	30
PID 2420 wrote to memory of 2292	2420	BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe	30
PID 2292 wrote to memory of 1956	2292	BlueStacksInstaller.exe	32
PID 2292 wrote to memory of 1956	2292	BlueStacksInstaller.exe	32
PID 2292 wrote to memory of 1956	2292	BlueStacksInstaller.exe	32
PID 2292 wrote to memory of 1956	2292	BlueStacksInstaller.exe	32

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\7zS47938996\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS47938996\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\7zS47938996\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS47938996\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
cbf67b24bac48abbe24518c7a24c9315

SHA1
1dfda1c46889edeeca39e69dc30f9e5b6793198e

SHA256
ed38554eacfa4a3f86da083bf1f73e244275ce8792df567ad52c33e28375b9a3

SHA512
bcb62111a5f0b1a589b6835401440f2eb25f920e50589d3c363ef1c71c539a400fe85a14775ec31664a78f3a59ea74d795ea35ad6bdd0350de772ba6949486bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c95be82cfcb6cadd2059233d4cdb6c43

SHA1
ffa53b4b412205fa42378f5e0ccd89edc8825fb0

SHA256
6e87c469bd27520233f78f4ec03ab456589b6dbf2ce84b30734a20d8521bc8e1

SHA512
4b92727d44f2942348623a2a77a337bf3dae0dddbb766b459418dec0592d9ab4df2683aa9017895c725b552c1b3cf91c1643c18d93de97fb04f673814d29c5b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa8f5ab0be64bb5d3332acb07b93ffa7

SHA1
92d6ce34945e7adfd20a70968e1cdd95e73c7562

SHA256
e3e95c3d640f35ad484ace8b00081953708c8d47534155e5bdaaea6088e0a1f4

SHA512
e70d1948632ad574456b476fb82659c6aa48dd20b4d21dfe55cf5596af1dc47c0892a30368e9a3c8517f3cd553b0e7c8af254d4e1e69aeff96fc09df8554b9ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bba7df3b2858013e61d2c353d368465

SHA1
6b2ca73b4037e6a2a283cbb224ddb703681cd87e

SHA256
08ad6e43d767ee2489b0ec6df29f5da107ef44beff213b5230322eaa79525c79

SHA512
662579301c5a74e013cd0315d922113ec0257d32ba8ec073d027a6e7faadffdd315282bdac41f6fb867d8d185779f045cd691d947ef8c10f76ef261d47416d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09f585f31d66232f60c70b36fda3c6b4

SHA1
52294af449e65779b2d90b764b6d5e704f237ea0

SHA256
af653083befed52307365bb8a46e918745a9a9fb64348bb47f9935bcd4a7b57d

SHA512
9d170df7728358e69da095685fd3ba467e1c50bd1bb6d774f99dd57f8b3e056e01ad9187abc27266d0447ee16406a11d6f9401c764a98dc387d0f9785ac14e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdb573a2bd6d19fc3176f34294c75a75

SHA1
5f34d05227b24d921ad0722722ec836703b9ff9a

SHA256
bc8a807abe0f53aa700a3e7a0a24272af90811188aa6a8d7c33aa05b585ca5dd

SHA512
377bd5c61a8961fa258426b71a7565f5ffb36c9f87b88f1a317db48f7919e40c55d4186f0bceaa0ff5942666035fd219aa73d613c9fd7f3c21d94aa90ab4d1e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e941d5516a34353d478d336593bd6c4

SHA1
0dce9a0ff136ff5e99925152f8f389cbb0a7954b

SHA256
cfb7315b53d54dc0243affe3c0fb9e215d3d2a69030541335fb3b8dc45843bf1

SHA512
6d06518cba9776c1c490d08a399ad0b3636ad929ef53c0587cda68e0d2ca26326e5aab289bc799a0e29a9b209564711fd8c6d2786a6adbd758b86f47fe2746c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1668b0532a8915194092aa6ee093c6b3

SHA1
8e26dd428ce3463460f179d33839619b24da67a6

SHA256
d947c8ea156a79c2429eaa5b7d0d6969cfe5f627ebc69087ccc19d0bb8bdc8d1

SHA512
03b3556cabbbf74bcc5297109023eaf76b3205e16b7b00b84863c45e57a6ffd6cf4c4f5b427e198b511b52543c6c0a7cd227e13b36fab9a39f9cfb87ee845af5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b24bdcc3cdae81fe8357f7e3f467f1b7

SHA1
2c5c61f6242084a5a568071c1033dd70e1d86030

SHA256
b31dd69255766dc0779aee4eeb7d0cdb568b7cc2dbb9257d6e8f6c78e6ca7645

SHA512
a5bfe1ec1a38a70918ebddd88be8bec17f15d2af7099ef979d65e479ea466fc44c3c26c5a959c17b3f37ad59d4845fa42c6867f4d47a2e7377f62aee2836179c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b37a574c73947b542ba9b87e38ef6801

SHA1
874e075a6b7a8a85c94421b5d159df33e1c14f85

SHA256
355ba8754364cf02971e08cbb09399b96dc23e03fa17f54b9cf4f4af407aee27

SHA512
4624f7185f4874a7c0d98c3de3366167700bef98440553bf5f83bae81972ed416cf089b2dd9ee48bf8e9886c6a1eafa90e6d5bcfa6ffdffba172ccf831c12829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62b77e786d894f4bd3af5638db83d72d

SHA1
b9a6cc01497c58c243879359cb2f56b7d6a98cb4

SHA256
afd6e51ac37bf0c36032480463d7429bd7b03743acdf96e1343171703b65cd1b

SHA512
9c114523a0901792ea7175f8f4770888c12218a9178068001c7cdbac8d04f438e145c9e58f00155b0a8fb5ca86558ff3c21bc3e3714c7aa341786bd8ab923cc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f287ba2eefb1f9bf9fcfc11e4ac54f8

SHA1
71faafdfb7c94a8d8ef5fef6bd3de988a6e3fc4d

SHA256
429233314c0e74b48c5f03ac3148f4b7e1e6cf84de4af8e9c168d605ecbe7802

SHA512
5c3e79544d14032897db364cfe6f1147179c1c7a38d32b1988301c9f031b1a3417613c7a6903b9a27419549078ee0d17f9a3ac5cd61a04d1045801594aab43ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af4ee12f13a65851c584c657eeb8284c

SHA1
e019fd5ff4db4940e027651545c5ca8c37359c3d

SHA256
2ee3a2a07a8eaf7927de4096ebf8cd4339b4d712e9c928ed51d8620ec8b1adc5

SHA512
ed744664554e3a966826aae9c6dc35f033d1657c87c1685c035cc982a55176db56735eb88344000021c67fc48fefe7a9416ba8c4c5239556d460419e82577373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78e70e0bdb59814eca688038797f0187

SHA1
082b4934488065a8601c5986b0460d2fdbc2d5ed

SHA256
be8359311846e5ff80dd73bceb7eb4729e393814bc319607b2e2428d7357b4cb

SHA512
a62fb153aa1777d2fda30aa88451aad7d2eed26a9cf7d9447ebc5a3caf40940a19c250a5af72476833d521f92e78687e7d4ab23c30fb251d47284fe6f1205c20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4895a47fe5b936bd91ce870a6baf8cf

SHA1
3db7252e89b5eb58cc5bc89b3f3688d557b2aecd

SHA256
3ea05cb0c9e7606f080a17c6fe24955a2d5b38d775bca5be8516788a357ac2e2

SHA512
1ed19fcf5d3c63a2b7058b4091a6d81d9164ed0773f1ead4c45815db0ec30972ce0c40cf7fa2e204d7ff0a1eb3e7de3f92d9f769de49def174da46f5aa927135

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8695a566910a0fb17146a54f89126cc7

SHA1
5d98e12429886685866d38f4be8fd113fae235d3

SHA256
2ef396e6b21cfa13a482349a35b8168efd1341217ae5d2a0080372eab619415f

SHA512
13e6f565ae2040734bfbe71fc67009e2a5a6313e66ca017868a99a3646bfbdccd8683d82e463f2ba2322b6312771bef1613792d4a1036a05eb0cf45389e5cd14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57e75dea7b546741a6b9f29aac4fe9f8

SHA1
6879c45b05209185b1c5764d97c5cbb7ebddac96

SHA256
e82f75d1a7726d95bfc6ce333a52c7395df5f90784845305748202fb6705b581

SHA512
a31ccb822965153ddd36c970d10528722992471f0d4f037357aceec891c4f898802856378648e73855ef3b687921a4cd18f1e4a62d2497467f835edc79526acb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69f7d768fe7c8df1a445f51fbb7d1d68

SHA1
456d3c74b5eab576c1443ca5074c01be6bbfcb7a

SHA256
0524620bb1c77b67112d11e7929f917f2789b25ebc15d2457a6b75138f442acc

SHA512
719fd16b78fdb173caf9d48a126b20ffcaed9b94e6e849d60f3b184992cdd833a674e68b8053fa43fee2b94caa1f209be60ad67dca02a326277414f924bb407a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58ee32e4fda65916d41e200143bf5c18

SHA1
0c72651940f5b9cd1e3b6e07121068ac01f9c7c5

SHA256
c91b4288b538e0cfd1510b3f0508d33beaa4a2c3486fd0ff4a6f1c080d2b344a

SHA512
0da3f9d7621065e4a55146204cedee00ed5e2bf410b4c3f19043acafa30ebeb9eb42ce0b479137eb8a10a32254082ee377fd70cf043ed2d797ec68091d36c7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\Locales\i18n.en-US.txt

Filesize
20KB

MD5
a1e3293265a273080e68501ffdb9c2fc

SHA1
add264c4a560ce5803ca7b19263f8cd3ed6f68f0

SHA256
1cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f

SHA512
cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47938996\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD7CB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD7DD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS47938996\BlueStacksInstaller.exe

Filesize
627KB

MD5
90f0e1ff5d78ab353e727d5b2b5d7bf7

SHA1
93115af687d0e81b280194e4bb905973f8faa0fc

SHA256
9db932a1accfa976adda89c81a446036fbd25a8bbde61a8d5b15119d5f3dbd2c

SHA512
72fbc9095966b133e078c8fe3b7bb4f26b3ecfa78863ba5db2d804fca0d8bfb059e722343b633b77a96a3873a062dae6a6faa1789528aafe6369c2b2acf1fe37

Download Submit
memory/2292-127-0x000007FEF5C93000-0x000007FEF5C94000-memory.dmp

Filesize
4KB

Download
memory/2292-129-0x00000000002D0000-0x0000000000370000-memory.dmp

Filesize
640KB

Download
memory/2292-190-0x00000000002C0000-0x00000000002CA000-memory.dmp

Filesize
40KB

Download
memory/2292-131-0x0000000000370000-0x00000000003D8000-memory.dmp

Filesize
416KB

Download
memory/2292-132-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2292-189-0x00000000002C0000-0x00000000002CA000-memory.dmp

Filesize
40KB

Download
memory/2292-827-0x000007FEF5C93000-0x000007FEF5C94000-memory.dmp

Filesize
4KB

Download
memory/2292-828-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2292-829-0x00000000002C0000-0x00000000002CA000-memory.dmp

Filesize
40KB

Download