Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

MSI APP Player.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    95s
  • max time network
    98s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/10/2024, 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MSI APP Player.exe

  • Size

    1.1MB

  • MD5

    98341684249edae864b1ed61c1b0fd7c

  • SHA1

    788c46a8814f5f39e56aa408711179bab5be398f

  • SHA256

    ab28a0f279d19c9c0c507a677b74616971f3e443277f0709bb619feffe40daf7

  • SHA512

    1c7695754dfa5ebe0a06023ba4795571e68cd02ffa30c2648633aec468dc4aacef59b281e10fe86401d0eeca4d36f64a3e32cdb697afa6e780c6ddb8eb588f58

  • SSDEEP

    24576:HivtCX8jrlikZ3NzhXV0Oy5zCsP2/KzFazfA4hUlIiKPQk/sy:CtCX8nl9XxV07zCukz4BwUy

Score
6/10
discoveryevasionpersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 4 IoCs
    evasion
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 17 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MSI APP Player.exe
    "C:\Users\Admin\AppData\Local\Temp\MSI APP Player.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:660
    • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS49227F77\BlueStacksInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4504
      • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\HD-CheckCpu.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS49227F77\HD-CheckCpu.exe" --cmd checkHypervEnabled
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4172
      • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\HD-CheckCpu.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS49227F77\HD-CheckCpu.exe" --cmd checkSSE4
        3⤵
        • Executes dropped EXE
        PID:1044
      • C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.12.120.6303_msi5.exe
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.12.120.6303_msi5.exe" -s
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4360
        • C:\Windows\SysWOW64\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X_msi5\green.vbs"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:5112
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /c green.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2300
            • C:\Windows\SysWOW64\netsh.exe
              netsh advfirewall firewall delete rule name="BlueStacksWeb"
              6⤵
              • Modifies Windows Firewall
              • Event Triggered Execution: Netsh Helper DLL
              • System Location Discovery: System Language Discovery
              PID:2612
            • C:\Windows\SysWOW64\netsh.exe
              netsh advfirewall firewall delete rule name="Cloud Game"
              6⤵
              • Modifies Windows Firewall
              • Event Triggered Execution: Netsh Helper DLL
              • System Location Discovery: System Language Discovery
              PID:4772
            • C:\Windows\SysWOW64\netsh.exe
              netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X_msi5\BlueStacksWeb.exe"
              6⤵
              • Modifies Windows Firewall
              • Event Triggered Execution: Netsh Helper DLL
              • System Location Discovery: System Language Discovery
              PID:3140
            • C:\Windows\SysWOW64\netsh.exe
              netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X_msi5\Cloud Game.exe"
              6⤵
              • Modifies Windows Firewall
              • Event Triggered Execution: Netsh Helper DLL
              • System Location Discovery: System Language Discovery
              PID:276
      • C:\Users\Admin\AppData\Local\BlueStacksSetup\MSI APP Player.exe
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\MSI APP Player.exe" -versionMachineID=2f3fd398-05bb-45d9-890f-c2ab0f8cb88c -machineID=a6a4181a-f2be-4474-ba3f-9c4d395bae3e -pddir="C:\ProgramData\BlueStacks_msi5" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.0.30.6340 -country=GB -skipBinaryShortcuts
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:8216
        • C:\Users\Admin\AppData\Local\Temp\7zS81004FD8\BlueStacksInstaller.exe
          "C:\Users\Admin\AppData\Local\Temp\7zS81004FD8\BlueStacksInstaller.exe" -versionMachineID=2f3fd398-05bb-45d9-890f-c2ab0f8cb88c -machineID=a6a4181a-f2be-4474-ba3f-9c4d395bae3e -pddir="C:\ProgramData\BlueStacks_msi5" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.0.30.6340 -country=GB -skipBinaryShortcuts
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:9184
          • C:\Users\Admin\AppData\Local\Temp\7zS81004FD8\HD-CheckCpu.exe
            "C:\Users\Admin\AppData\Local\Temp\7zS81004FD8\HD-CheckCpu.exe" --cmd checkHypervEnabled
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:5448
      • C:\Program Files (x86)\BlueStacks X_msi5\MSI App Player.exe
        "C:\Program Files (x86)\BlueStacks X_msi5\MSI App Player.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Modifies registry class
        • Modifies system certificate store
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1964
        • C:\Program Files (x86)\BlueStacks X_msi5\BlueStacksWeb.exe
          BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3700 /prefetch:1
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:6348
        • C:\Program Files (x86)\BlueStacks X_msi5\BlueStacksWeb.exe
          BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3776 /prefetch:1
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:6200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\BlueStacks X_msi5\MSI App Player.exe
    Filesize

    473KB

    MD5

    02645676b1a9762d796be495f5c91e91

    SHA1

    e4c8d748ecceab30a77c929ec7a5c3df4f4eacf4

    SHA256

    b260fe85b6793142572efa6827b6ae0312ffc6b79f1de2cb03e4b88a9a9bbbd3

    SHA512

    1b50c1399cd0a37983ebfcbf0e538e2eb481da15dcc3a7d93b201c78915489e539d6eed17c95b366af97a042f90a3350726b585e07b5e4901e20facca25d7ba0

    Download Submit

  • C:\Program Files (x86)\BlueStacks X_msi5\image\LocalAPK\close_disabled.svg
    Filesize

    569B

    MD5

    e7fdf6a9c8cae1fc1108dc5a803a1905

    SHA1

    2853f9ff5e63685ebb1449dcf693176b17e4ab60

    SHA256

    8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

    SHA512

    a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

    Download Submit

  • C:\Program Files (x86)\BlueStacks X_msi5\image\LocalAPK\close_hover.svg
    Filesize

    653B

    MD5

    d3dd013e3dca616d3a6c08a6c1b3fd10

    SHA1

    1a7a729c4c24710847068e55541390137b29b7c3

    SHA256

    7b191722443d02f3716db38c73ba789fa9cb2adca7c9d2868f59d46eb3f54c52

    SHA512

    d12bc66bf17bf255dece58b5212b4076d1e0007e2d3fe887afbb2c779372be69d2a285df5a01872aa9c7f7a3128000abe489b775fdf1ced0bb744f0d9a83c3eb

    Download Submit

  • C:\Program Files (x86)\BlueStacks X_msi5\image\LocalAPK\close_normal.svg
    Filesize

    569B

    MD5

    3221ac69d7facd8aa90ffa15aea991b0

    SHA1

    e0571f30f4708ec78addc726a743679ca0f05e45

    SHA256

    92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

    SHA512

    5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

    Download Submit

  • C:\Program Files (x86)\BlueStacks X_msi5\image\LocalAPK\close_pressed.svg
    Filesize

    653B

    MD5

    02766d9659c7cdcf0c2b079065882df5

    SHA1

    db83f76c1aa3af76de79d5374f7f2442f84225f6

    SHA256

    cfa710391fdf13a97b5d5e202b535eb8367ceda61ed0589fd11f33a10408890d

    SHA512

    9c9040a44d7ad5fcdbee78d4d38007fb61d0954ee94e1f246bbfe0a9f79970cbd29335e3cd4e1a4f9212c83991eadad0bc4f8d5e74c700978f80f553329c726c

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\Log\2024-10-05 02-00-32.txt
    Filesize

    3KB

    MD5

    d3132a0af18f61d3caddd9500c09365c

    SHA1

    fe6ffe81125bc9cc77224e495bde80493f740141

    SHA256

    fb45b68d054668e91b214c94cf1e062d87c9bf6cc3d8c04fba161848cb9e4c52

    SHA512

    ce685bc9830eea4149650aac587a1000a28880c52b00780aedf7f5b4238d963c816114c454dba40dd2d04cbf458c6d6e0451e810409d875b484b60b75d728445

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\Log\2024-10-05 02-00-32.txt
    Filesize

    4KB

    MD5

    581390dd5b38f5b197e7ff5655744ba0

    SHA1

    426df0fb3ba36f5d6860f322b834fbae6b7aac64

    SHA256

    080b70fbe56990912cb06b3ea99ccc9d0bf632b76427e81277b2aca15b696e5c

    SHA512

    d232a000b28083b19014afe7506a6e3323d1769f86e9983b66ec8527a455ba2703387eb07fd0cf00562a3c9dcee57eaae0ecdd6cd66a8c56586f8a29b8fc3441

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\QtWebEngine\Default\Local Storage\leveldb\CURRENT
    Filesize

    16B

    MD5

    46295cac801e5d4857d09837238a6394

    SHA1

    44e0fa1b517dbf802b18faf0785eeea6ac51594b

    SHA256

    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

    SHA512

    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\QtWebEngine\Default\Cache\f_00001f
    Filesize

    244KB

    MD5

    229f8aea79d2e549cc2daccbb6404e65

    SHA1

    3c0f1f826b032dd4a902968a4cb29cb68f3c41bf

    SHA256

    2c95c387a1f60ad967b066610648051d4b337920adf342e480fb20a4aaa9ac2f

    SHA512

    b2b14a6ef95b2a64f3d9d5839287d28b7e95afa78f7ab74be97e43b9ae3caa2aef69fab037c47c56ba62beb263ed3abe9896d51fef231e540aa771c941bae077

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.bluepoch.m.en.reverse1999
    Filesize

    164KB

    MD5

    58c2792457abbd7cb5eb8eeff69bb457

    SHA1

    72f44d46fa129ec82c238cf6ce6e9d0a6ad27c45

    SHA256

    0d226b76bc35cc209faaec4fa28e83be3db9cc3a7f45d1bd1dbd018526423924

    SHA512

    2c680d9aec47f414912ee60f1b0305f67df1e7181a62a0240c3db36cc16aec78fa5d4d340cb8038167c9c8de46ddc5bc61d17404f894c352689d11ecf75ee540

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.fmjwyen.id24
    Filesize

    57KB

    MD5

    bbc4187abbb2f9a9ae9900c932a5765c

    SHA1

    89a3cb9f9c8a0c45405e63b3732c43ba9c144e22

    SHA256

    57e1bdb4cb31bd97a6766042daef89d87ff179f625d0dea038c96351b24b9949

    SHA512

    6860f1f7e776dd8368b5dc6c38485b390b5ceaec4a17c41a4661821f7287a21cd32a8d159c3f0f287c723b83adca5ff930c816d2402e66ddaf2fe52ed59f8e42

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.goatgames.dhs.gb.gp
    Filesize

    81KB

    MD5

    c6a432755115cd10432bf3a5cd1c09f4

    SHA1

    46c9e67a41a72c15db9f280adc0c989cfef93bd4

    SHA256

    a667b801f675c0187d64938b48c193172d2ef233b0be3c2239392773a3966f43

    SHA512

    14095a538662176584ad7b65895327c31d68209dd419e4e3701b9bffbc97eb2005e239efe47d7b64663771c228f7948d64e58440a2fbce4ea641f6a4d4872884

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.igg.android.vikingriseglobal
    Filesize

    389KB

    MD5

    44e793965fc21f4d7a2df10b87a1523e

    SHA1

    6c53e1c21a9ce5a039d1346117b5633e0efc3938

    SHA256

    7de1d80122686b079332c36890f3a0f74a3bd675969936452f137c8b51d06090

    SHA512

    85ab41d8d53ce0f7364fa698d7c55749f9f69cf0af86905e4ead01b1a465c738dfcb2a08b8a546d61a6962daacd275800b78d7d62f031c16e32274e44073968b

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.jfgame.doomsday.nowgg
    Filesize

    69KB

    MD5

    d7423ad5e5fcc0d5c21df952ae65001e

    SHA1

    4e3d75f62345eebba74a60b10aee0a6ec8fc7db8

    SHA256

    14c6ce9596d8532cece793dc91a474eeeb9213e261934a26b5fecb5c97cb4dab

    SHA512

    c0fc94b340d64570cc408aac1d9654b782fafac01768f7277ba5d8ccb69df9d6f5e718b0586de7844a943a4c1b69894376fcd4be246801eea09a8e4223a3654f

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.plarium.raidlegends
    Filesize

    51KB

    MD5

    46c679a3023496f18b0cd0c78f6cfe2f

    SHA1

    ae97a79f92f44c54983bfdfeb1c5db725468302d

    SHA256

    cf3cdb9dddfc1bc5c534a7cf4822f21456421a5e000b4eea6d7d44ed8c09a167

    SHA512

    e0f9c90d06b5e880ce27d3abaedf3d206556ae43bfea36b56f8d018066da81730b8648578dc9d56264672197665b8de848dbe69c15faaa5b097abe126182d31e

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.ripostegames.shopr
    Filesize

    201KB

    MD5

    762d651b3659b78aaadd643672f395b4

    SHA1

    475f84a6cb0eda14d196ffae0b05ff224aa25ca1

    SHA256

    b15960fc83e52326bab2318e7d9966a7e2bb749f909a20ec8c79de9e67136588

    SHA512

    a3d62d4841571c5d0a89dc9ca17f3080be8a86e83aa059ba7e2c9e3dd57e7b65ea940f3713fb00f82207914a6a390d138c600a7c8f3cb7c3b1066dee297285df

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.skyvu.trumprun.nowgg
    Filesize

    65KB

    MD5

    ff8ea563b62ed7f75ce2111cbb99ba21

    SHA1

    40b3d1d58be6c4541e09dcc06eab478b655ccf7e

    SHA256

    2532e1afec6209476b87e3c5efc66d83c020a0491cd3c76fb7df9383017e5a11

    SHA512

    f62b26c420cd3a3d60cf361d7313d3742ffb6906cfbd856c8f7d55cd22469be6fce7ae85760acf4696d82e40e01771a95ea48dfbe449318707549e6cae821eb2

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\com.xxx.rpg.en.an
    Filesize

    118KB

    MD5

    8eab831074a5c3ba808096aa08365c15

    SHA1

    137b86a463f39db6b45bace79ff3187998c0e247

    SHA256

    175aa9c83bf429db91313711fd74b20f0e143486f8e1ec4754b4a04b83d8b850

    SHA512

    e95535132dff4a6ba658932f22024579ad548696491696abd9c6de95752dc1bbafa13ef4cc9e67b6082e9806f201bae7dc5edc2592c7c783aac9a659ce2515e9

    Download Submit

  • C:\Users\Admin\AppData\Local\MSI App Player\cache\pcGames\net.wooga.junes_journey_hidden_object_mystery_game
    Filesize

    62KB

    MD5

    e4f93f980309a23162ce2a9e08d46ba8

    SHA1

    2b564a0b038a5151762bee0cf617b75912036b97

    SHA256

    4c9c9a4a39686db7d4e510429ef2f500596fb2f5658adb14992b8e219ee26a2a

    SHA512

    7996266438c55d19060d407758200af7540fb88d674fad7f65523d7de353b01bd66002f3c161abd0e53f188bf81ed470516f98bf4e72213b2bf704bf9152c61a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\backicon.png
    Filesize

    778B

    MD5

    bb32b6c0cb2fd3b9329f0813e1b4239d

    SHA1

    241b75e5e21aa3e7a6aae5066de65d65db49651f

    SHA256

    77533707194f691af85e6c990d852b949c09018378c8f9d87763b54b1c118f67

    SHA512

    e3aa89c3ba19f4d0a26fc6f3fd725c5201f3609b7e3f91bd8fa1fe95aa8cfdac5d684893ccac3e81b290ad241c048264d12bb1c6aa4b9646e604879b54bb9d33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\checked_gray.png
    Filesize

    659B

    MD5

    f5273eda49f641257ccb5fc5235cee80

    SHA1

    ac2f52d7a0b34facc5cebf4745fb72e15c0e5c8d

    SHA256

    fc88b72393b58799ad747a988b76c1b9d8ce3dbaedfd0463e74d6a33be0878b6

    SHA512

    95457d926dbb7dbcd7c5b30fe6ec45634ab7c0f3dbd5820c8956d21d33a0f5feddc36e0d52d40abbb8b0ba07c005e4594dd56dab1cb278ee3104ec14d8ca921f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\close_red.png
    Filesize

    1KB

    MD5

    3759fdf92c29556e5740a6282507e1f9

    SHA1

    23960cb0edd610083edd8f817c03add5e883453d

    SHA256

    8cd75e91be69cf7cc6e6979c14b394a11fe683be7b62d5163da1073bb568b7d9

    SHA512

    d0773ead77552514a2cd7fd7e55abe730579b4fab24981eb976ac43a821fc5a06ae02626e48dff83a58acb37db23d5527444faf5d4b7cb2fc78df33b065b80d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\custom.png
    Filesize

    580B

    MD5

    07c7f00c7498d32e8045c1a0eda0727d

    SHA1

    bebf52df35cf5a95dd6ff5da778b83c5eafeb052

    SHA256

    8eaab641d186f93f50d2d2bbae6ac5b3c937ca30665bf916321a35c83253eca3

    SHA512

    142752b1ab40a23f654293a15e075321020322fc0f19efdab93e69716cc0ff5dc2148a83f7db149b7dcd8c30b7f542c0f89ac52bd50470e756b07b00ec78f5b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\installer_bg.jpg
    Filesize

    353KB

    MD5

    49875ca1499a58b4ca9abda4d34adea5

    SHA1

    091155113dd5cf955211fd7a932ecba32f8bf136

    SHA256

    15bde105d61a562560d354614e0254dc4259000d8f610b32be8a965bf26829ca

    SHA512

    08cf0ce98b4c31f5879789f9458f14526fa3483096efd5feeca0f9b477456d80eb542a1e2f5823593e6d7d4d9d106bae0a7a7f096bacb638ee6fcfc67e13623a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\installer_logo.png
    Filesize

    19KB

    MD5

    7ad11e07d8f30571debb2a69f77833c2

    SHA1

    6351d8968889c6a636abafa2a989b788fd477822

    SHA256

    fe59d96de7342bcbfea62564e92d8e27530fc52c16399399be5f1d6c45340246

    SHA512

    7bc37d326a0d0fcf80231b2e69f3491f7ea8a714fa70b91d5606f9a03054b2c9113b4caf5bb5c980f53c5c73a769a11d1634660cd7c1e1e213124d6b55b2fbc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\installer_minimize.png
    Filesize

    157B

    MD5

    857bcef475b0d4c1d669bf47a143e85e

    SHA1

    072746be2f79c9571ec9b7e3b702a8cdef5a2b66

    SHA256

    8e6e37b79756bfebb943d51d3571926fe4992748c4a673bbb6d78b22e87bc7f6

    SHA512

    b7e236edefe3f4aceefd912f2b6cfcecee034125ff082d3bac5fdf6db57c89dc2dfb4a96897529aed8834a423529680cc0ba1c94d497eb8d9c4f450ff70cf79c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\loader.png
    Filesize

    279B

    MD5

    03903fd42ed2ee3cb014f0f3b410bcb4

    SHA1

    762a95240607fe8a304867a46bc2d677f494f5c2

    SHA256

    076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

    SHA512

    8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\setpath.png
    Filesize

    355B

    MD5

    f4c65de79fb292fd6104eb1a160ca09b

    SHA1

    52173df03e93433d88b50ebcd7d3bdbc32bd4165

    SHA256

    9ea14db4e8d39be52c9b55a39119d5f95dc331a0559d38de44fd8e72e8677718

    SHA512

    db4bca2ed5582efe9ca27ec67bff59ed2a66c471dc4e4247818e3b79838b57a00cd69d92b709c3a7e0628d7c9e9508335aff877279d30741de18226f0626dced

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Assets\unchecked_gray.png
    Filesize

    321B

    MD5

    8b3031b63549708b7ef422da8dfc42a5

    SHA1

    46407a76af6ac9887a15bd682533922c4b2d09da

    SHA256

    8355a9b447991ed53c3e1c768f397b622f9535faadb26913e4f2298cc3621c5c

    SHA512

    97b2fe161483b90abafc0bff3e4839f357aa3c0765b1d5d54e5210fcd9d543480eb4ff3671f2706def344ccc83548fe8d064b9ba1bb15abae9e718b87b91298d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\BlueStacksInstaller.exe
    Filesize

    599KB

    MD5

    bb2236d5046a01067d4be45e5a188900

    SHA1

    da71f9f9b3d6b5eb3bc63a43bb21d6ca6aa94846

    SHA256

    b1c4692a370d1871a77d4308d2c65f5507168caf0508e14d9b12bea218f4ba84

    SHA512

    7cf34504b82248275049e272e1afaa5f47d3981f656d7cb9e4791f63823b2dceeadee9f51ada834e7f41467195b93fbc05747067e9786b921787c8fb5c621b90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\BlueStacksInstaller.exe.config
    Filesize

    324B

    MD5

    1b456d88546e29f4f007cd0bf1025703

    SHA1

    e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

    SHA256

    d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

    SHA512

    c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\HD-CheckCpu.exe
    Filesize

    200KB

    MD5

    81234fd9895897b8d1f5e6772a1b38d0

    SHA1

    80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

    SHA256

    2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

    SHA512

    4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\JSON.dll
    Filesize

    411KB

    MD5

    f5fd966e29f5c359f78cb61a571d1be4

    SHA1

    a55e7ed593b4bc7a77586da0f1223cfd9d51a233

    SHA256

    d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

    SHA512

    d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\Locales\i18n.en-US.txt
    Filesize

    18KB

    MD5

    2e67781c074a702af42f2c2259a9e94d

    SHA1

    c40ec186835abd9e8cd1976b0005e57e17c672f2

    SHA256

    858f09be7e462198c0e77b2b84de544158789f53eff200be78eab70a6acadd1a

    SHA512

    4adbf7cb6f1621ed1d3904beaad55eb5229475c9007c7ba41720d9dcc9b3f63c849b9a5cd9aaf86c5a063693b80c1b39fdf41eb2b026f35cd15a5d92d5ce843a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS49227F77\ThemeFile
    Filesize

    79KB

    MD5

    51e4b1a661b3e96697b54899cb2317de

    SHA1

    1cacf6e055023cd2cd7100e2537a6d2dee7d9a84

    SHA256

    87bbd881c9603d6032564b787a85a1c040fc1a2c216f25a1b0b62e26fedcdf69

    SHA512

    55dbe855478a32ba78f15b0611847f609279fe262a7940c024a09378d58e1b84397038847aad03cd113ab5d1e4026fb323fb07d3024e0470f40eefa18949e7d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS81004FD8\Assets\exit_close.png
    Filesize

    670B

    MD5

    26eb04b9e0105a7b121ea9c6601bbf2a

    SHA1

    efc08370d90c8173df8d8c4b122d2bb64c07ccd8

    SHA256

    7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

    SHA512

    9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS81004FD8\Assets\minimize_progress.png
    Filesize

    212B

    MD5

    1504b80f2a6f2d3fefc305da54a2a6c2

    SHA1

    432a9d89ebc2f693836d3c2f0743ea5d2077848d

    SHA256

    2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

    SHA512

    675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszDCE4.tmp\BgWorker.dll
    Filesize

    11KB

    MD5

    4908fd4ede7b20e3bddb898a4b1dfe87

    SHA1

    9eb6b8adea38282ea5e113d86179b15d71f270d7

    SHA256

    b7997801ed63a13e23b0f93f1efd36e8b1d0259a3da7f1932c90a869c2295d58

    SHA512

    478f868c5f72dc54ce31f89eaec6539d0c149bc272ad300d83b61296589ad847001e5c31cf0d5c3f831bfbba3bca3e8469e0c84edf1ef625ef0486ebf6a69c43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszDCE4.tmp\System.dll
    Filesize

    19KB

    MD5

    55b1f5fb63896e30d78a14aa4aa3b8df

    SHA1

    e881520cb5c147ab50705529783fe93720d05acc

    SHA256

    7d31195d18d166c76d3ad56044d73ab76c5bd19e92be10c46648c58b776396fa

    SHA512

    239b385f90796a6eb848262d0fd5faeb8cf8bc157e5efecc101d3dca21eb02faabdec835758945d52adc5f410a12c2939c0b926e007c83a250f70d6cd0fc8220

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszDCE4.tmp\nsDialogs.dll
    Filesize

    18KB

    MD5

    a687ad6a55a325cf425fc3d0119a018c

    SHA1

    40d32e19ca4943a22f92203d70467911c9a286f3

    SHA256

    9933f4a2f589b874e782eee6fd0518529bdcb9baf2bc72eb6166ff664fdfcb8f

    SHA512

    99b5a9a7762b325b4f8ae355eafbc65b68b73db686fee285f26285fbabcff5caeed77d7ea867133e5160f714f0329e0555faf85ae36a17a874eab175e3630020

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszDCE4.tmp\nsDui.dll
    Filesize

    2.5MB

    MD5

    ba8314d202dd3ae7db3b3392d4ec8fe7

    SHA1

    65c0499d8c87ab33279413ca83a5231fb4f7f265

    SHA256

    60546e5917de51b290c1b45acaf33f50bdf9aef8bbd3aabfe28975028fc4d7fc

    SHA512

    11ce3b764674b9847866ba760f07137613634395799c0a613da3362f03e514c07318a2ed088daf91a01753a53ce293479e7fcb336a9681d9add349f5e46778f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszDCE4.tmp\nsis7z.dll
    Filesize

    432KB

    MD5

    509715e6a06460142f777ac80652f50b

    SHA1

    52ffc1f903015467dc28d7707e6e6f558526e20a

    SHA256

    56cb147d8ada5d266f1e0f7e8745b00cd4756d426ab043bb66a045f98898032f

    SHA512

    afc620f0a007e8055426e971e16d498a030ef8cc7e34f4218b6baed0e204a6da5719751d504033b51f03f803e54f6675d61e1d53996903a73e1f52b4f09f4d0e

    Download Submit

  • memory/660-10219-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/660-10108-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4504-133-0x000000001BFB0000-0x000000001BFE8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4504-10177-0x00007FFE8B1B0000-0x00007FFE8BC72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4504-148-0x00007FFE8B1B0000-0x00007FFE8BC72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4504-147-0x00007FFE8B1B0000-0x00007FFE8BC72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4504-146-0x00007FFE8B1B3000-0x00007FFE8B1B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4504-144-0x000000001FA00000-0x000000001FA08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4504-134-0x000000001BF80000-0x000000001BF8E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4504-130-0x00007FFE8B1B0000-0x00007FFE8BC72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4504-127-0x000000001C9E0000-0x000000001CF08000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4504-126-0x00007FFE8B1B0000-0x00007FFE8BC72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4504-119-0x00007FFE8B1B0000-0x00007FFE8BC72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4504-118-0x000000001B650000-0x000000001B6B8000-memory.dmp

    Filesize

    416KB

    Download

  • memory/4504-116-0x0000000000670000-0x000000000070A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/4504-114-0x00007FFE8B1B3000-0x00007FFE8B1B5000-memory.dmp

    Filesize

    8KB

    Download