Analysis

  • max time kernel
    15s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    17/11/2024, 03:29

General

  • Target

    BlueStacksInstaller_5.21.600.1019_native_a2dd660d2ed14f232e1cf3aea7ede127_MDs1.exe

  • Size

    913KB

  • MD5

    86b016ee6a71a5219f56779885f691ef

  • SHA1

    1a40a93403e1004f7f8033c5afee8196db16700a

  • SHA256

    a56fd8aa5ffdaddaf58e4fbe8cbb2359fd11f2a93f34d9d0df610baf96972207

  • SHA512

    9f9860782ad93a3a43a9d4509635ac5a08317d3ee60ae314ebdaf4b61855c0a697ca0e5561b5452040763bec719394baaaa1ac4c23c00842be4806ab4dde42a7

  • SSDEEP

    12288:tivtCXQd0gjKX7zuqGKY5Ha3z1cNoaMq+zfxUEwOwGPaGb4hmsLBeJs0RXfGPtRF:tivtCXWeGKY81Oq8wX5RXfGPTSKdvaU

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_a2dd660d2ed14f232e1cf3aea7ede127_MDs1.exe
    "C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.600.1019_native_a2dd660d2ed14f232e1cf3aea7ede127_MDs1.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\BlueStacksInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:920
      • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\HD-CheckCpu.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\HD-CheckCpu.exe" --cmd checkHypervEnabled
        3⤵
        • Executes dropped EXE
        PID:2576

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

          Filesize

          1KB

          MD5

          55540a230bdab55187a841cfe1aa1545

          SHA1

          363e4734f757bdeb89868efe94907774a327695e

          SHA256

          d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

          SHA512

          c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

          Filesize

          1KB

          MD5

          c6150925cfea5941ddc7ff2a0a506692

          SHA1

          9e99a48a9960b14926bb7f3b02e22da2b0ab7280

          SHA256

          28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

          SHA512

          b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

          Filesize

          230B

          MD5

          d9a52c304b1781e64d6c68d8d9481400

          SHA1

          c9ce3a97aceddcde6582f54690415f6e9186b245

          SHA256

          ad10a9c3ca312cfaf1623c395de0cb6f9ee81581f46cbc0ec7a7585ebbcbd7f9

          SHA512

          7adaece4aa1eb94c1970a272c67ff250975354af18afedd66100e75b32d9915e30930f3d94c7c48bb80483b25cc0d513d193555d562a6cf087dcc11ac1599e57

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a40a116ea7f315cbb2c16a918705a4fb

          SHA1

          8a0c12d4aa711840cd709841e3629c3515e32ad7

          SHA256

          73cb0b2f7ac94f256be621c563d6ffe2446a781206896a10ec12f10464649c9a

          SHA512

          3a0c1d0f0fdc5328119275f91862505d86ed5b66d8314cf18a110225f1cdd0eb4653f02a3136932948a4c470fa1b9b7763dd06261d9575e32d97120d020a90f6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cbce2bdb62cfb3ad5c3760db3b3c34d5

          SHA1

          5fdb0472cdb36dfba615e38cac0b7cb51b2a50ac

          SHA256

          51fcbf4cffb3013b3bb401ee36c7fc793992cb261a04d0d2c572aa7efae1d066

          SHA512

          227024b208731796d68624cea5b153030dbc1b2a34647ff1117e987ff8cfc86b597076992936c696d695e5d1ca01b9090b14ca6e5751ac6ee901cb8603136a61

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          27c46e7a711637e36f99f94253323c40

          SHA1

          6b81a19b6034c151a016739a201cc58da9017417

          SHA256

          b71f29bfbb9bfc3a662bed4d4db5cf33dfa1ee8fadf9416d5d1a60158b90ee05

          SHA512

          6b27dc775414384993f56aa3d281b78626a90d7cf07a44ae26f9c331cf109a01113b66d4191417ba2df4a9f7f9e1924a00e969edf5401bd96f5eb5adae13d3e9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          45c2d356361984982b8a174c0629dabc

          SHA1

          a0909016c10eba1362412aa4240a83a0d99414d0

          SHA256

          e5826e29020571e47122485f94acf1970893cd8fdd44253680c27e3980f477a5

          SHA512

          a9b1d06a76eda5448421c13f803cb0fa88d2a28ed52b8bfd0971c7e5ca314e1315548436a69b05b166609e903707b020643c452d8662e261a9dbf25bfffd1125

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          82bcb85707f8943f65431a8dfe5f1554

          SHA1

          07c8b7274f617e9fda14a8bac0d319a38221f637

          SHA256

          5d3210b4fc94e94e37a64f95bac6abc1c6b7d9ba1ce3456d4c57f7fc9c605a60

          SHA512

          08d4b99714e686f49e11f0319ed3696dec42ecccb1879410d665828cd5749d81e586e28f5cc0b9ae699ddafc9dd686617b8e1551010953387899d721f8921d57

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0872be1eb6281de2ece7489be17ee8a3

          SHA1

          9ce85a86020a371ae69ebecc47dc0c66cb41e952

          SHA256

          79b77225ab340c9ce8737cf33364aac5c4df43fb492c60b5522a9b0bd646c2c1

          SHA512

          4b77374a478a4979b7eddade32ec249be737e83295467d38b43be04a870f79a2a742582f7a01b4869a116686d2db6166d32a970525a68647ceeb59de97ec5046

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c53c2beaea9d83e29b1dd3b77bc41ae2

          SHA1

          f7f7e85b0da9c8524b07ce8db821ff0d14b3cc4c

          SHA256

          2758b6acb5c87871f8e5984991a87d423e239c066d4392b7b24b4c3714d90324

          SHA512

          b61eccfcf0625aad718895adf1c8ef7de8b9644a1d52fd609a82cda2b67562c76d7d541eee74a045553761b4dc08821a955182f06345f6ec86bae0c7d1b4e35b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d8839869fba583131a44d38d7538ca03

          SHA1

          9b7ca767b06b8fd1710fc78cef04b0907f273915

          SHA256

          fad9913e6c5fe618a7e882928dc3f78dbe6958284c3d758594d9479ea4dc3936

          SHA512

          35f8c0a496e1c2c17c0dbb8ae6c9c5a23babacc62e267bb5e9b97b7a0e501c30dd6d01836ac752021f41f4f471966de1a6596e12ac79fc5babd92017c400960f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fc611c095b5496781c32210b5a4e2d0f

          SHA1

          e3eedd980673a0f1b4cb699c58c47b96020bf2c0

          SHA256

          0acfb97a3a802c63e14d1610e66d88febf6d9eec9d951c1662047f0952df30c4

          SHA512

          b37df90381598d394a4e7c7adb40c6e74b339682075bbf9b64b1fb1a275935beb5510eb50712ddf09b9b8baa23cd3b3fb56b4c3b49bfdc20b402f13b51b932d3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          102c0afbd52432e1fbfda8d84c3e31ee

          SHA1

          641753c9a4850f74868a40551396610a5437259b

          SHA256

          08e6a0e6c921c8472fb130841178634995287c36e809fa94fb12290317a7d7fb

          SHA512

          39dc4f89ad8d179d899c565d1c1208d9c376a0b837dfa9cc29eee73b788682a507a08a3e3987707d23b945a643edbf941053bb417e22c02a0b10d97745f35cb3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3d98efec43ea873b3cfa709eb5ef1dee

          SHA1

          9eb1eb0b7c77be7814b045b3ce78bd5005d21c02

          SHA256

          2611b715aa42fda5b7a1aca54e86f377ab26d2e981f4ea3234adf3f31ce9261f

          SHA512

          f80656a0481291b588370ed27766e398f8224e7aac1810433698184f02a0ffc052c2226aa560688b2076a4d9d3edd61011cbe7f80e46f6ff3df026bf41a46e4e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1801ca321aceaaba8790f7bd0b8e0cfb

          SHA1

          454a7dbdc0ec3a529dd2cfba88ccc429e408f08e

          SHA256

          326cd9d81b577b08085b9cb221cbc67d8f36e87aa4435cd2dcedf6d630342108

          SHA512

          6921a1f0def0b4c1ed96a3518c0ec1288f80ec329da41deb4309c66ca11bf8ab05aa4e116208074e6d5fb42582ba54ac7e553ad34ea7a9392c7e33d8a52e5941

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d8c5e4c0154678d80799fde1795f4993

          SHA1

          7144c4238dc2d1ceee5d714c10a8b63e4ca1c50f

          SHA256

          edee620f8db08bac70e0789f1e6d02633f3f776ecdb56d4f51ee8b4dcc441910

          SHA512

          ab9dfe1292c77871a04a4c41096bfaccb3899cd7547b64820758f5f2883733510a82130f1983303ddd024e18f6470304707102a71a99db97443c526c4d649689

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          eff76776b4bb885c054c09b50c2ca14b

          SHA1

          54ddc0e9a3f26c7e3478dcccef42400452e42682

          SHA256

          af4ee5de06868e75df0039e209a38e97ddc773428520bb64c00d192d8405c523

          SHA512

          7a438d13f7c08643b64c216bddd9ac61d338460f0f531db62337cf724e9defce31f083b05dea1620f2e70807fe5d578f9f992aa0b064d1a281f6e9ba849e64e2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          69fdee4d2d2dfa188bed8b2a2a43e488

          SHA1

          5826f3e0eced944ef2e850b9882e4c9e665a3565

          SHA256

          f143aad5ad4b31f7acb9c6c2d0d99a2b7cba896263a2affc4652d7748631fb56

          SHA512

          e25f824a3f83c9d3f664af1dcc8a92c140fde1c38247bc2f2a32613d777d34109cab68ff5fe18fb77d19be88265b426fec4f446fcccfdc610c61170a1053d1fc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c744ca5276d4c7e54d30d3eaa4b4e95b

          SHA1

          da88255313f2038ac72d2be553ea110f93027943

          SHA256

          0991ed507bce56e2b193c370d23d23fb663ce20e275826c837d602b215f9c846

          SHA512

          e23e0587797266902e6085a944680404c5dd9145fe05acde0b4fe5dee53ed96143ee3ce672ad08dad4df6ba0182b019cadb341443c5b790f7c6b72a5e47b0f94

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7348038121260f26323f679cc666c33d

          SHA1

          f413c158aafd6aa51adf8bd206cdf53d74e0431b

          SHA256

          5a04370bf766a335ddde6fd279ec2d57a4fa495b81cab1cfedd15e355369a6bc

          SHA512

          d64469afe0d784f16f2d4de2713b6d9958a7c4ef86b356ab353df400d591938877d45ad21bf83e47140c47924b0437cc8eef92daefd43ad921f96f6895fe6424

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

          Filesize

          276B

          MD5

          731534cd7441e37ee789f772c1ac4ffe

          SHA1

          6ab51df76218be73e36074cd3bda7d2f2aaea2df

          SHA256

          32df0658c84c29725d3d9fc7af9add0f64d750083854820ca8e2ba269aaefbd4

          SHA512

          cfacec3c84320d0566794c5ce7191dad9087e50ba99bda8546dd13d9cc253e84713104271e10522ac892f9b7b0a9d0184196e624fed1a5a9a01924a9489c7639

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\Assets\change_hover.png

          Filesize

          310B

          MD5

          57092634754fc26e5515e3ed5ca7d461

          SHA1

          3ae4d01db9d6bba535f5292298502193dfc02710

          SHA256

          8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

          SHA512

          553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\Assets\error_icon_72.png

          Filesize

          1KB

          MD5

          4aaf83d2b3fd56ad806708e60474df39

          SHA1

          144777a265879b69fadea3eb3ac6939458918578

          SHA256

          84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

          SHA512

          3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\Assets\exit_close.png

          Filesize

          670B

          MD5

          26eb04b9e0105a7b121ea9c6601bbf2a

          SHA1

          efc08370d90c8173df8d8c4b122d2bb64c07ccd8

          SHA256

          7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

          SHA512

          9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\Assets\loader.png

          Filesize

          279B

          MD5

          03903fd42ed2ee3cb014f0f3b410bcb4

          SHA1

          762a95240607fe8a304867a46bc2d677f494f5c2

          SHA256

          076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

          SHA512

          8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\Assets\minimize_progress.png

          Filesize

          212B

          MD5

          1504b80f2a6f2d3fefc305da54a2a6c2

          SHA1

          432a9d89ebc2f693836d3c2f0743ea5d2077848d

          SHA256

          2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

          SHA512

          675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\BlueStacksInstaller.exe.config

          Filesize

          324B

          MD5

          1b456d88546e29f4f007cd0bf1025703

          SHA1

          e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

          SHA256

          d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

          SHA512

          c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\HD-CheckCpu.exe

          Filesize

          200KB

          MD5

          81234fd9895897b8d1f5e6772a1b38d0

          SHA1

          80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

          SHA256

          2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

          SHA512

          4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\JSON.dll

          Filesize

          411KB

          MD5

          f5fd966e29f5c359f78cb61a571d1be4

          SHA1

          a55e7ed593b4bc7a77586da0f1223cfd9d51a233

          SHA256

          d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

          SHA512

          d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\Locales\i18n.en-US.txt

          Filesize

          20KB

          MD5

          a1e3293265a273080e68501ffdb9c2fc

          SHA1

          add264c4a560ce5803ca7b19263f8cd3ed6f68f0

          SHA256

          1cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f

          SHA512

          cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece

        • C:\Users\Admin\AppData\Local\Temp\7zS0E71FED6\ThemeFile

          Filesize

          80KB

          MD5

          c3e6bab4f92ee40b9453821136878993

          SHA1

          94493a6b3dfb3135e5775b7d3be227659856fbc4

          SHA256

          de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

          SHA512

          a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

        • C:\Users\Admin\AppData\Local\Temp\CabD2C.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarD6E.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • \Users\Admin\AppData\Local\Temp\7zS0E71FED6\BlueStacksInstaller.exe

          Filesize

          629KB

          MD5

          0d021ad9fc86a22215cd014b088f307e

          SHA1

          531e18244b9a43798562c1297c09ccc0239adb61

          SHA256

          c14eb1c61d737e195ce06cb84ba2b05925dcf36ac35c1078f260e423b1ad3485

          SHA512

          e5d977d5a3f5a5888e054521168a9ac22712892d5aea225a6f545e9be885deef1983fbcd963927367b2d7439c18b2e6c71a6b143a924a41f5acabc76e0a6e993

        • memory/920-132-0x000007FEF5BC0000-0x000007FEF65AC000-memory.dmp

          Filesize

          9.9MB

        • memory/920-127-0x000007FEF5BC3000-0x000007FEF5BC4000-memory.dmp

          Filesize

          4KB

        • memory/920-131-0x0000000000E30000-0x0000000000E98000-memory.dmp

          Filesize

          416KB

        • memory/920-189-0x0000000000A80000-0x0000000000A8A000-memory.dmp

          Filesize

          40KB

        • memory/920-129-0x0000000000EC0000-0x0000000000F60000-memory.dmp

          Filesize

          640KB

        • memory/920-190-0x0000000000A80000-0x0000000000A8A000-memory.dmp

          Filesize

          40KB

        • memory/920-850-0x000007FEF5BC3000-0x000007FEF5BC4000-memory.dmp

          Filesize

          4KB

        • memory/920-851-0x000007FEF5BC0000-0x000007FEF65AC000-memory.dmp

          Filesize

          9.9MB

        • memory/920-852-0x0000000000A80000-0x0000000000A8A000-memory.dmp

          Filesize

          40KB