Analysis Overview
SHA256
a56fd8aa5ffdaddaf58e4fbe8cbb2359fd11f2a93f34d9d0df610baf96972207
Threat Level: Shows suspicious behavior
The file BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Modifies Windows Firewall
Adds Run key to start application
Checks computer location settings
Drops file in System32 directory
Enumerates processes with tasklist
Checks installed software on the system
Drops file in Program Files directory
Loads dropped DLL
Executes dropped EXE
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: RenamesItself
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of WriteProcessMemory
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:13
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:13
Reported
2024-11-09 19:16
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\BlueStacksInstaller.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\storage.json | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| File opened for modification | C:\Windows\system32\storage.json | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\radioButton | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\language\de.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\access\libaccess_imem_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libequalizer_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\codec\libfluidsynth_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\api-ms-win-core-processthreads-l1-1-1.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarRefresh.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\email.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\HvDialog_Tips.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\Search\Promotes_Title.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\CloudGame_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Marketplace.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\api-ms-win-core-file-l1-2-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-convert-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libyuy2_i422_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fa.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fr.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sw.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-heap-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-cpp-sdk-s3.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\misc\libfingerprinter_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_ps_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\Qt5QmlModels.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\ucrtbase.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\discord.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\MIM.ico | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\Tutorial\PremiumGames\Icon_title.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\language\ja.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\codec\libschroedinger_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\xplugins\StrategyPlugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\Choose_img1.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-runtime-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libwindrive_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarMinimize.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\language\en.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\mediaservice\qtmedia_audioengine.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\audio_output\libafile_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\codec\libaraw_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\UIControl.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\position\qtposition_winrt.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Gallery\close_normal.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\radioButton\selected_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\CloudGame.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\kn.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libsepia_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\icon_ photoicon_camera.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libfreeze_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_output\libcaca_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\iconengines | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Gallery\next_disabled.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\nowgg_logo.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\resources\qtwebengine_devtools_resources.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\libvlc.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\access\libhttp_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libugly_resampler_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ko.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\translations\qt_nl.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\7z.exe | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_dummy_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\config | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\imageformats\qjpeg.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC2B3B979\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\BlueStacksServicesSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs\shell\open | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler" | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs\URL Protocol | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs\ = "URL:bstsrvs" | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs\shell\open\command | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\bstsrvs\shell | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\BlueStacksInstaller.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\BlueStacksInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4A3DDAA7\HD-CheckCpu.exe" --cmd checkSSE4
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.600.1019_nxt.exe" -s
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c green.bat
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="BlueStacksWeb"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Cloud Game"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe" -versionMachineID=6b110b44-8474-4776-8873-6ac16999d922 -machineID=fe173be2-e75e-401d-b1fb-ded775d6e875 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.41.600.1015 -country=GB -isWalletFeatureEnabled
C:\Users\Admin\AppData\Local\Temp\7zSC2B3B979\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC2B3B979\BlueStacksInstaller.exe" -versionMachineID=6b110b44-8474-4776-8873-6ac16999d922 -machineID=fe173be2-e75e-401d-b1fb-ded775d6e875 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.41.600.1015 -country=GB -isWalletFeatureEnabled
C:\Users\Admin\AppData\Local\Temp\7zSC2B3B979\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC2B3B979\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
C:\Windows\SysWOW64\find.exe
find "BlueStacksServices.exe"
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1736,i,316497326302899999,948044775098825017,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cscript.exe
cscript.exe
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1780 --field-trial-handle=1736,i,316497326302899999,948044775098825017,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2700 --field-trial-handle=1736,i,316497326302899999,948044775098825017,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:13
Reported
2024-11-09 19:16
Platform
win7-20240708-en
Max time kernel
141s
Max time network
144s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\HD-CheckCpu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.21.301.1005_native_37af3e2585987908aa6f7b6cf80f61e7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS428021E6\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS428021E6\HD-CheckCpu.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.21.301.1005_native_37af3e2585987908aa6f7b6cf80f61e7.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEB3CAB1-9ECE-11EF-AC2A-E6BAD4272658} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\SystemCertificates\CA\Certificates\9E99A48A9960B14926BB7F3B02E22DA2B0AB7280 | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\SystemCertificates\CA\Certificates\9E99A48A9960B14926BB7F3B02E22DA2B0AB7280\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS428021E6\BlueStacksInstaller.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_37af3e2585987908aa6f7b6cf80f61e7_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.21.301.1005_native_37af3e2585987908aa6f7b6cf80f61e7.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.21.301.1005_native_37af3e2585987908aa6f7b6cf80f61e7.exe"
C:\Users\Admin\AppData\Local\Temp\7zS428021E6\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS428021E6\BlueStacksInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\7zS428021E6\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS428021E6\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cloud.bluestacks.com/bs3/help_articles?article=RawMode_help_Win7&oem=nxt&locale=en-US&image_name=Nougat32
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | delegate.bluestacks.com | udp |
| US | 18.233.114.124:443 | delegate.bluestacks.com | tcp |
| US | 18.233.114.124:443 | delegate.bluestacks.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | ak-build.bluestacks.com | udp |
| GB | 2.19.117.88:443 | ak-build.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | delegate.bluestacks.com | udp |
| US | 18.233.114.124:443 | delegate.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 18.233.114.124:443 | delegate.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\Assets\change_hover.png
\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\BlueStacksInstaller.exe.config
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\JSON.dll
C:\Users\Admin\AppData\Local\Temp\Cab9D0C.tmp
C:\Users\Admin\AppData\Local\Temp\Tar9D2E.tmp
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\Locales\i18n.en-US.txt
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\HD-CheckCpu.exe
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\Assets\loader.png
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\ThemeFile
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\Assets\exit_close.png
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\Assets\minimize_progress.png
C:\Users\Admin\AppData\Local\Temp\7zS089EFFA6\Assets\error_icon_72.png
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller5.21.301.1005_native_37af3e2585987908aa6f7b6cf80f61e7.exe
\Users\Admin\AppData\Local\Temp\7zS428021E6\BlueStacksInstaller.exe
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log
C:\Users\Admin\AppData\Local\Temp\7zS428021E6\Locales\i18n.en-US.txt
C:\Users\Admin\AppData\Local\Temp\7zS428021E6\Assets\link.png
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac8c1bd592690088b737e543d7fdaf8e |
| SHA1 | 0b7807d0783be03f3533ca3bd13c5d88b5b8d307 |
| SHA256 | 9123b95044ece3db273cd6a00cd26a0f10ee63d9c34df95ae215ffd0d54fe58e |
| SHA512 | f743f59f26e3445f2a867cba8baf07276d83c267ee416433e48384eda4b816d12b0bd34e90051ab41aa93bd8da1e6bbdf22dec6ea47c28b402110806d708dc17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4469b5bf35517bee31ee171883d1bba8 |
| SHA1 | 6de7ee507acde7808e65959cb400fe4db4795eaa |
| SHA256 | 2b6ebded8a8b81f5441f862b16a04b248472729cd0b2e087e1b7e053ceeba4db |
| SHA512 | 15fcbe0b2d9b078aa9c05823afbf459ca15bab30b8bffb18fc277f9c5b65f0aaff40d64a3cb2cb35dd09d1e69fda9a6e43f451c519475cd223a162d8d66b38bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a93cfe2e2f90f1343e748e2ab6ca266 |
| SHA1 | f1bb2e8bdf8c152d075a09d4942a125bafa7951f |
| SHA256 | 712d45243f5a0bdef7dea75fe80b63209c88af8d9ef2b3d6dcde8d0a59d5d5b6 |
| SHA512 | 6de68a37b34bb07f7b0be45baf2272aa3226dabefc8598dcd7c066327320fcb71dc167ac5a62ccc9fdf5df7fec042426d2e6d56b36c52772d09c1edd171a4605 |