55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
1799s
max time network
1791s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
10/02/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

8^/10

discovery evasion persistence spyware stealer upx

Malware Config

Signatures

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001b047-23483.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 8 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
9248	netsh.exe
9292	netsh.exe
4776	netsh.exe
1688	netsh.exe
5428	netsh.exe
4624	netsh.exe
5936	netsh.exe
5536	netsh.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation	BlueStacks X.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation	BlueStacksWeb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation	BlueStacksWeb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation	BlueStacksServices.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation	BlueStacksServices.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\BlueStacks_nxt\concrt140.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\private\DropShadowBase.qmlc	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Tutorial\InstantPlay\Icon_tip2.svg	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ru.pak	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\audio\qtaudio_windows.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\BstkProxyStub.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-core-synch-l1-2-0.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\libssl-1_1-x64.dll	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\pt-PT.pak	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libspeex_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libedgedetection_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\xplugins\MainWindowPlugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\msvcp140_2.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Layouts\qmldir	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\account\google.svg	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\no_game_image.png	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libparam_eq_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\librotate_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-ComRegistrar.exe.config	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\banner_default.jpg	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Gallery\pre_enable.svg	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Logo_Nowgg.svg	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\home_hover.svg	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\nowgg_logo.png	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Microsoft.WindowsAPICodePack.Shell.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Shapes\qmldir	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\styles\qwindowsvistastyle.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtMultimedia	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_CloseTips.svg	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Search\History_ButtonDelete_hover.svg	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\mr.pak	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libinvert_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\xplugins\SimulatorMgrPlugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\opengl32sw.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liberase_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\QtQuick\Layouts\qquicklayoutsplugin.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\config.json	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\family\Rubik-Regular.ttf	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\checkBox\uncheck_pressed.svg	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\resources\qtwebengine_resources_200p.pak	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\discord.svg	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\BstkDDU.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\msvcp140_atomic_wait.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\bg.pak	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\hu.pak	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\mediaservice\wmfengine.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-cpp-sdk-s3.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libanaglyph_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\Qt5Gui.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-Astcdecoder_SSE42.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\language	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\browser_loading.gif	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\pc_refresh_holding.svg	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\Image_Broken.svg	BSX-Setup-5.20.105.1004_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\HD-WerHandler.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_avi_plugin.dll	BSX-Setup-5.20.105.1004_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\position\qtposition_winrt.dll	BSX-Setup-5.20.105.1004_nxt.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Executes dropped EXE 36 IoCs

pid	Process
5876	BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe
5124	BlueStacksInstaller.exe
652	HD-CheckCpu.exe
5504	HD-CheckCpu.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
2864	BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe
1932	Bootstrapper.exe
3136	BlueStacksInstaller.exe
5128	7zr.exe
6164	7zr.exe
7428	HD-ForceGPU.exe
7472	HD-GLCheck.exe
7164	BlueStacksServicesSetup.exe
7528	HD-GLCheck.exe
7600	HD-GLCheck.exe
8032	HD-GLCheck.exe
7976	HD-GLCheck.exe
7892	HD-GLCheck.exe
8276	HD-CheckCpu.exe
8312	7zr.exe
8916	HD-GLCheck.exe
9564	HD-GLCheck.exe
9844	7zr.exe
5140	HD-GLCheck.exe
10132	BlueStacksServices.exe
368	BlueStacksServices.exe
4440	BlueStacksServices.exe
6468	7zr.exe
7232	7zr.exe
8804	BlueStacksServices.exe
9384	HD-CheckCpu.exe
5900	7zr.exe
2744	BlueStacks X.exe
8748	BlueStacksWeb.exe
9100	BlueStacksWeb.exe
7072	BlueStacksServices.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
9508	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacks X.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	BlueStacks X.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
7752	tasklist.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluestacks.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\support.bluestacks.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.20.105.1004_nxt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluestacks.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 25843634325cda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluestacks.com\NumberOfSubdom = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e391c534325cda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.20.105.1004_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.20.105.1004_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bluestacks.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2744	BlueStacks X.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
2356	AnyDesk.exe
2356	AnyDesk.exe
5124	BlueStacksInstaller.exe
5124	BlueStacksInstaller.exe
5124	BlueStacksInstaller.exe
5124	BlueStacksInstaller.exe
5124	BlueStacksInstaller.exe
5124	BlueStacksInstaller.exe
5124	BlueStacksInstaller.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
6096	BSX-Setup-5.20.105.1004_nxt.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
1932	Bootstrapper.exe
3136	BlueStacksInstaller.exe
3136	BlueStacksInstaller.exe
3136	BlueStacksInstaller.exe
3136	BlueStacksInstaller.exe
3136	BlueStacksInstaller.exe
3136	BlueStacksInstaller.exe
3136	BlueStacksInstaller.exe
7164	BlueStacksServicesSetup.exe
7164	BlueStacksServicesSetup.exe
7752	tasklist.exe
7752	tasklist.exe
9100	BlueStacksWeb.exe
8748	BlueStacksWeb.exe
7072	BlueStacksServices.exe
7072	BlueStacksServices.exe
2744	BlueStacks X.exe
2744	BlueStacks X.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2744	BlueStacks X.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
628	Process not Found

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	5124	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	6096	BSX-Setup-5.20.105.1004_nxt.exe
Token: SeDebugPrivilege	1932	Bootstrapper.exe
Token: SeDebugPrivilege	3136	BlueStacksInstaller.exe
Token: SeRestorePrivilege	5128	7zr.exe
Token: 35	5128	7zr.exe
Token: SeSecurityPrivilege	5128	7zr.exe
Token: SeSecurityPrivilege	5128	7zr.exe
Token: SeRestorePrivilege	6164	7zr.exe
Token: 35	6164	7zr.exe
Token: SeSecurityPrivilege	6164	7zr.exe
Token: SeSecurityPrivilege	6164	7zr.exe
Token: SeDebugPrivilege	7752	tasklist.exe
Token: SeSecurityPrivilege	7164	BlueStacksServicesSetup.exe
Token: SeRestorePrivilege	8312	7zr.exe
Token: 35	8312	7zr.exe
Token: SeSecurityPrivilege	8312	7zr.exe
Token: SeSecurityPrivilege	8312	7zr.exe
Token: SeRestorePrivilege	9844	7zr.exe
Token: 35	9844	7zr.exe
Token: SeSecurityPrivilege	9844	7zr.exe
Token: SeSecurityPrivilege	9844	7zr.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeRestorePrivilege	6468	7zr.exe
Token: 35	6468	7zr.exe
Token: SeSecurityPrivilege	6468	7zr.exe
Token: SeSecurityPrivilege	6468	7zr.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeRestorePrivilege	7232	7zr.exe
Token: 35	7232	7zr.exe
Token: SeSecurityPrivilege	7232	7zr.exe
Token: SeSecurityPrivilege	7232	7zr.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe
Token: SeShutdownPrivilege	10132	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	10132	BlueStacksServices.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
696	AnyDesk.exe
696	AnyDesk.exe
696	AnyDesk.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
696	AnyDesk.exe
696	AnyDesk.exe
696	AnyDesk.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
7976	HD-GLCheck.exe
9564	HD-GLCheck.exe
9740	MicrosoftEdge.exe
4132	MicrosoftEdgeCP.exe
10068	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
2744	BlueStacks X.exe
2744	BlueStacks X.exe
2744	BlueStacks X.exe
2744	BlueStacks X.exe
2744	BlueStacks X.exe
2744	BlueStacks X.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 2356	4064	AnyDesk.exe	75
PID 4064 wrote to memory of 2356	4064	AnyDesk.exe	75
PID 4064 wrote to memory of 2356	4064	AnyDesk.exe	75
PID 4064 wrote to memory of 696	4064	AnyDesk.exe	74
PID 4064 wrote to memory of 696	4064	AnyDesk.exe	74
PID 4064 wrote to memory of 696	4064	AnyDesk.exe	74
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 788 wrote to memory of 3304	788	firefox.exe	87
PID 3304 wrote to memory of 1852	3304	firefox.exe	88
PID 3304 wrote to memory of 1852	3304	firefox.exe	88
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89
PID 3304 wrote to memory of 1688	3304	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:696
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:788
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.0.555558660\1046157399" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c568a8e-a1d8-4f40-954f-d16ffb8dbcbd} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1764 1d8766f6658 gpu
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.1.105101457\786269684" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73cc4e9d-c1b3-4e96-9748-ebe38ad04067} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2120 1d86b672858 socket
    3⤵
    - Checks processor information in registry
    PID:1688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.2.187968243\1839510821" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 2716 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {591f7db6-2db3-4b17-96ef-40f6b7e74645} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3056 1d876659a58 tab
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.3.83209740\1052488880" -childID 2 -isForBrowser -prefsHandle 1028 -prefMapHandle 988 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67bffc3-8a83-4897-9384-78c07791ee63} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3264 1d86b662858 tab
    3⤵
    PID:3552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.4.2140030618\1756721325" -childID 3 -isForBrowser -prefsHandle 4204 -prefMapHandle 4200 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0418c99f-20ab-4d4b-b9a1-255fe5010ef2} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4216 1d87c684458 tab
    3⤵
    PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.7.1991786267\711184112" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9616af47-0f92-474d-a0e0-d4d08f15f57a} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5196 1d87cda3758 tab
    3⤵
    PID:524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.6.93727642\590135188" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac2a4468-7a2e-456b-8f7f-8772b3323957} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5004 1d87cda5858 tab
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.5.1142572886\202903266" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdbc3bbe-d466-4e73-bb9f-af758a9e72e9} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4876 1d878d56258 tab
    3⤵
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.9.422339874\80707527" -childID 8 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {336d06d3-6752-4c93-9e4f-404e6d16efd7} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5692 1d87e1bb458 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.8.583540084\1869850145" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 4540 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34fdcb3b-2d65-492e-817b-dc03cdfd5f6f} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5528 1d87e1bab58 tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.10.736009910\26189019" -childID 9 -isForBrowser -prefsHandle 4992 -prefMapHandle 5284 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e712352b-bcf1-4d8c-af12-98c0489f2bf9} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5172 1d87e318458 tab
    3⤵
    PID:5088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.11.195163969\7982712" -childID 10 -isForBrowser -prefsHandle 9496 -prefMapHandle 9500 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8340a478-6ba6-4558-8cfa-0901aeb01b2a} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 9488 1d87f14f158 tab
    3⤵
    PID:1444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5788

C:\Users\Admin\Downloads\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe
"C:\Users\Admin\Downloads\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe"
1⤵
- Executes dropped EXE
PID:5876
- C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5124
- - C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:652
- - C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:5504
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.20.105.1004_nxt.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.20.105.1004_nxt.exe" -s
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:6096
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
      4⤵
      PID:10228
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        5⤵
        
        PID:6000
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        6⤵
        Modifies Windows Firewall
        
        PID:4776
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        6⤵
        Modifies Windows Firewall
        
        PID:1688
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:5428
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:4624
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe" -versionMachineID=75ce4ee7-c54e-4cad-ab0f-17679e7f008e -machineID=357892bd-1eea-4a3f-9d62-cef2727915e0 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.10.7.1001 -country=GB -isWalletFeatureEnabled
    3⤵
    - Executes dropped EXE
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\Bootstrapper.exe" -versionMachineID=75ce4ee7-c54e-4cad-ab0f-17679e7f008e -machineID=357892bd-1eea-4a3f-9d62-cef2727915e0 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.10.7.1001 -country=GB -isWalletFeatureEnabled
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\BlueStacksInstaller.exe" -versionMachineID="75ce4ee7-c54e-4cad-ab0f-17679e7f008e" -machineID="357892bd-1eea-4a3f-9d62-cef2727915e0" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Nougat32" -imageToLaunch="Nougat32" -appToLaunch="bs5" -bsxVersion="10.10.7.1001" -country="GB" -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe" -md5=58c998f4456358c55de5c6b20e3fb6b9 -app64=
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\" -aoa
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\" -aoa
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        6⤵
        Executes dropped EXE
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe" 1 2
        6⤵
        Executes dropped EXE
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe" 4 2
        6⤵
        Executes dropped EXE
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe" 2 2
        6⤵
        Executes dropped EXE
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe" 1 1
        6⤵
        Executes dropped EXE
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe" 4 1
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe" 2 1
        6⤵
        Executes dropped EXE
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-CheckCpu.exe" --cmd checkSSE4
        6⤵
        Executes dropped EXE
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\\HD-GLCheck.exe" 2
        6⤵
        Executes dropped EXE
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\\HD-GLCheck.exe" 3
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\\HD-GLCheck.exe" 1
        6⤵
        Executes dropped EXE
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" x "C:\ProgramData\Nougat32_5.20.105.1004.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Nougat32" -aoa
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:7232
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        6⤵
        Modifies Windows Firewall
        
        PID:5936
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:5536
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        6⤵
        Modifies Windows Firewall
        
        PID:9248
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\HD-CheckCpu.exe" --cmd checkSSE3
        6⤵
        Executes dropped EXE
        
        PID:9384
      - C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        6⤵
        
        PID:9460
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        7⤵
        Launches sc.exe
        
        PID:9508
      - C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\qtsi2nsf.z21\RegHKLM.txt"
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\qtsi2nsf.z21\*"
        6⤵
        Executes dropped EXE
        
        PID:5900

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:7164
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  PID:7688
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:7752
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    PID:7744

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Adds Run key to start application
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:10132
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:10212
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1596,i,676080523558850837,17660048027993342674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:5316
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1868 --field-trial-handle=1596,i,676080523558850837,17660048027993342674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:6072
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:6504
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:5752
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:5624
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 --field-trial-handle=1596,i,676080523558850837,17660048027993342674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:8804
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:8820
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:8996
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1596,i,676080523558850837,17660048027993342674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:7072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:9740

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:9816

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:10068

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7132

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe
"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2744
- C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
  BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:8748
- C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
  BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:9100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
476KB

MD5
81f60fbe52372cb2b2fd79981ab1661d

SHA1
0bf8a29dcdd98c1c047dfcc0e3ce17cff6c0bf4c

SHA256
874636c3bc3df8e46e896db455cf2cf509900847808b8a071f2a44324ccea9b1

SHA512
1c53e1738e42d2842685558d7cac4e2033c8be22c1df0a975e4f3666640f8267522577e853eef07fede155d65b125e507b5372aba62785987224ac771a671ed7

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
736e73c5dcb738d1f4051413ebefd09c

SHA1
effadd06aabd42d6d487a3e864f2d402d391025e

SHA256
99172523f6b242e71cedf590c340a5b241ea436fcc6f064fd113a6c43136b008

SHA512
8e0cd6c2b8621674caa291953eaac84343001d81e00cff94403fd070b36211d37f0a95dc3084692dc264c11042fe520b69cfa6f955e8781fe7319a80d4a352f8

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
bd130ec303b3a51b6d0b77e8542d7c17

SHA1
1e5328a35e4bea1a2dbfc94528182c98d5f3b5c9

SHA256
5b13da3ecb312b34e464ae73eab5cfe77d5e4336dfcc00d334c6e0c641d407e7

SHA512
239f46b9eb4927ec4cd44da184eba78d6ea5d716e656b156918f3471d96bcfdf2eb468157fc510c4e7e6ed81eb7c71a29880c9d9a5d527b9cdc6322e13a589ed

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\Program Files\BlueStacks_nxt\resources\icudtl.dat

Filesize
7.9MB

MD5
7a98ce0966f10d6516f24ecebd9def87

SHA1
848db27d5e2148192a38524d7e65ea21ba2d565a

SHA256
a1c4c99d5286974d6080c34476daf9c6c88af0a214003abe0c2c29ba8c872130

SHA512
42a18b7c020345696b748187b517616e1f710441ce62b471919f69cacbf3fa508871c93941d99c59ebf9eff87844b11a7be9d491b50e4ba122e6ed8851c10fb3

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak

Filesize
2.4MB

MD5
aed2766cd70116ab1e0c430001a30b8f

SHA1
a06c62b35c333412dd61c493d6a6520a8c04537c

SHA256
4ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389

SHA512
a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak

Filesize
191KB

MD5
8615f18dea34c152e8aeb8f4e01fd17b

SHA1
032b7bab09943cc5c8a380b0aba29652d5539153

SHA256
e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6

SHA512
2a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak

Filesize
250KB

MD5
de5e6a97c80d698256369b10255ce45d

SHA1
8d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc

SHA256
669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13

SHA512
5609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\am.pak

Filesize
420KB

MD5
2a8ca8692a60fe8d33d51d99c9084a9d

SHA1
919d8adacce240fd394d6faf2aa41d2e5b8460ec

SHA256
73f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44

SHA512
080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak

Filesize
441KB

MD5
143ffa8ca3ac0e6dca9a8b3e8ba3f3f5

SHA1
6186940350b3fdd936f6ce41f3091bbca397e9a2

SHA256
3f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2

SHA512
a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak

Filesize
475KB

MD5
154217351d415b13dca71e28727902c4

SHA1
096a1640b5e83a7b20afdfa7cfe2507b4128e0a5

SHA256
da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf

SHA512
f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bn.pak

Filesize
624KB

MD5
304432105fbe28b1625f0d7b6be3e7bf

SHA1
2d5474854bc0bca3f3ead1b9199d76ef533f0850

SHA256
ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e

SHA512
8ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak

Filesize
294KB

MD5
a2c61a98fe7407ded9ece126c4c9d057

SHA1
c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69

SHA256
4d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8

SHA512
7522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak

Filesize
303KB

MD5
c0bb82986abc67281d8067e5f20625c7

SHA1
e7cc8888dd95d9edf226893f0e4c12e572bf6bf8

SHA256
217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50

SHA512
80f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak

Filesize
271KB

MD5
5eba7377be8e34dd03db766300039ed2

SHA1
b3460fa050b93454b9e05586d86d7cf67881f557

SHA256
94157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94

SHA512
7d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak

Filesize
292KB

MD5
01cc5b8a05a435482dc692baef032d3a

SHA1
229a4d1c9aea9111bb46895d096dfcaf488b8d4a

SHA256
53d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835

SHA512
082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak

Filesize
522KB

MD5
26afc001a706679413f5deaa3c6603e4

SHA1
c9d780d930775cfc17cf9160712a2e90ca55106e

SHA256
4c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc

SHA512
743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak

Filesize
239KB

MD5
06da37b66f4dbbe8c5ae1bd7e4addc99

SHA1
ac190bbb14b76d14143dcc088f460d1be2ba2886

SHA256
60f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0

SHA512
c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-US.pak

Filesize
242KB

MD5
1e958f35257ef1e2e5115d860602a593

SHA1
688afb781ce3c4c9a55fee9696145260d2ce1400

SHA256
4a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37

SHA512
a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es-419.pak

Filesize
289KB

MD5
f21b0783d062082ee46aa573eff68df0

SHA1
84f62d15eb68858245e56bef0cf317e273918044

SHA256
859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe

SHA512
d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak

Filesize
293KB

MD5
03265b1a7f6a996513067866d55f3bcb

SHA1
427eecd7810cf24c8758dc9beae18afc9d8969a0

SHA256
516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da

SHA512
d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak

Filesize
261KB

MD5
73e6f20f0c75a9beb72798167f8c6f91

SHA1
d01932a69626d23e8ce9e9bc240f6d99dd155fb4

SHA256
ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf

SHA512
98966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fa.pak

Filesize
422KB

MD5
f913ea1db8c9c99bff701ceeaf8138f3

SHA1
6bef3ff865b3a95dc1900ba3c94c5bf556c695a1

SHA256
b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c

SHA512
edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak

Filesize
269KB

MD5
f55358f58eb17b4bc6abb19592c1aba7

SHA1
6dc1d99757bc5a447b9761a4a0c90a2be521c6b0

SHA256
cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1

SHA512
d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak

Filesize
301KB

MD5
f5257136ed900e1715979c9a96de292d

SHA1
217cbe02931f6466bdbdb27c85c876b851610b23

SHA256
98a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90

SHA512
c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak

Filesize
318KB

MD5
75575474726cc8d98def90e0dbddcb0f

SHA1
3e62e3b73bab73597a01c3ece5871c64b142391f

SHA256
d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94

SHA512
37e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak

Filesize
596KB

MD5
e245057bea15117bed15bc3ee2911d74

SHA1
c8e2d5f85a974fa989c0d0f64121d2836a13bb84

SHA256
4ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5

SHA512
a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\he.pak

Filesize
368KB

MD5
8c02d30c68c4abb4b1a7c2493d8fde51

SHA1
2cbe2f537d59971296f2180d146d9c2905d2a76f

SHA256
e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a

SHA512
9155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak

Filesize
618KB

MD5
61838bdf13a1d60545d15e9cc49866be

SHA1
64bec7fe42caf53f192b58e4e5b068e56d835cec

SHA256
9a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1

SHA512
7e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hr.pak

Filesize
290KB

MD5
a621446d9e94b0d47935bf3310c385b5

SHA1
5cb954846bd2a2c477cb28b99545cd9bc0fbe990

SHA256
93f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842

SHA512
80c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak

Filesize
312KB

MD5
3c70ba470c8503cae9407540d070f506

SHA1
0b841228d28e8605c37df79f1a3714402d2b18df

SHA256
0770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e

SHA512
ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak

Filesize
259KB

MD5
fc2cd7f4af1976579f6b0eae3ab2d874

SHA1
c4e434b9d0d95a505947c97d396b05c9a18f3983

SHA256
48b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef

SHA512
9e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak

Filesize
285KB

MD5
56c13472d7efdb4466d5189af2d06ce6

SHA1
84025c148e10e1885125893dd286d0f9e751e101

SHA256
7114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4

SHA512
fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak

Filesize
351KB

MD5
9705a8fcead214aa619f1be816135ea0

SHA1
f10d22cdbf5d7960aeaa13c98cf8f7de41034760

SHA256
c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320

SHA512
6d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak

Filesize
640KB

MD5
8c89f8a06e98f474ea012bdb5e455e38

SHA1
12e8dbe1db5be23d383bd57424e12ea6babdf96c

SHA256
a5e082ea3333b718fd559c504e99a42e77852d66ca8152dc5ec3fe36efc9f553

SHA512
48716aa69f15044cb0b57fc3ed24af16f8fbfafe0e3f3b740bb54a6dc133258409fa683ea317a36f6d8a7c9fc3904142d617cb23cddf9997c37e55088ea42464

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak

Filesize
296KB

MD5
2a0bc83152bfbc0f365d3a85fd1e1832

SHA1
9b972a8e823ff6f161ca2aadac11043b054b3146

SHA256
ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f

SHA512
2c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak

Filesize
313KB

MD5
7769b6273b1519ea1a8ac9f059e78c93

SHA1
6d8807f4af484041bac83d5d8873d639d5f07d0e

SHA256
e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a

SHA512
9c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lv.pak

Filesize
310KB

MD5
17b9ff8c299fff962e9b9bc0d5f2f15b

SHA1
6224d9bf81c4771033e14477da0a652336326036

SHA256
7e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0

SHA512
8bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak

Filesize
728KB

MD5
df01088842b8c05568fce402a69bb595

SHA1
4b97c244ee85efb9c35b69f65f64d9cfcb2d25aa

SHA256
9f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579

SHA512
b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak

Filesize
584KB

MD5
f40f6817a07049b8589310b7dba04534

SHA1
93afea27adbd165aa1e3261cb67d5ab719ea02db

SHA256
5429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3

SHA512
450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ms.pak

Filesize
269KB

MD5
901240b9cb3a7a635c2d56d6ff1b3966

SHA1
c1fdd4ccf213bf1822696061d64930f47a017cdf

SHA256
a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e

SHA512
2b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak

Filesize
264KB

MD5
5c901b43287edab65f05464dbad3e301

SHA1
d76444677a7eeafdfe0bc27a0ff892f028144d67

SHA256
0bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed

SHA512
46fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nl.pak

Filesize
275KB

MD5
884f7faf0e79d04c6536506d6f95eab1

SHA1
39334913aa447b35012a8d7100e7f91e805c7e9d

SHA256
b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f

SHA512
77a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak

Filesize
301KB

MD5
41ad390a8cc5fbd5b1f352e838b42ce1

SHA1
9efa8f2e5a0312e83f737929765a86112a874272

SHA256
979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0

SHA512
1beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak

Filesize
285KB

MD5
4792f1e39c6875d8aa5e911f16ed638d

SHA1
c04ecb497096be4173f9aae3f0ae6accc8324156

SHA256
a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e

SHA512
5fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak

Filesize
288KB

MD5
0db54f0f25ec3a19dff541ba223bd5b4

SHA1
dc1f0c9b1c2578490af5923df179a92814c04904

SHA256
ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69

SHA512
96060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak

Filesize
297KB

MD5
14ee5c1a362e753a5c44b11343430fdb

SHA1
b87e4750d5319c5c695f1581feaacdd71abe0cda

SHA256
ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1

SHA512
ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak

Filesize
477KB

MD5
3d28ef9e25426b08409db5379cfd55e3

SHA1
25fefc87d6233da5b287dbbf04a63c34cb9c5571

SHA256
b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057

SHA512
210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak

Filesize
308KB

MD5
b37b81799942fc174e05b6aac03ea4c3

SHA1
788d6d10c82614465628f79bbe1f2346839a582e

SHA256
579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319

SHA512
31bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sl.pak

Filesize
294KB

MD5
4138dc422fc6a5afb1a855ffe0caba32

SHA1
8b23cb3c91167908e181eb0ce9d730ca5b3179e7

SHA256
7904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b

SHA512
a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak

Filesize
451KB

MD5
97ef86fc3b66a0a3aa4e1be4555369f0

SHA1
bbe68527d0c4c9e6624920d548c0ab0c09dbac88

SHA256
d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb

SHA512
fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sv.pak

Filesize
266KB

MD5
f2bf46d97477489d80659d0be53d9d05

SHA1
a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c

SHA256
196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32

SHA512
d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak

Filesize
273KB

MD5
e99bc71c3caeae580ef7060155ddd0ff

SHA1
d6986e1fe1dd6c110b05f44f84e956ecac188b97

SHA256
4282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8

SHA512
6bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ta.pak

Filesize
384KB

MD5
f71871b7bfb8af0a19bc9edb1e1b53f0

SHA1
3849f4c603382b1876b533ba5e0071ceadbe87e2

SHA256
46a1b8a9c0dabe0c3a8d0ee5db4fc6f926afdaa8fb3d061d0f1b0caf77e88585

SHA512
3d25e67605d37d4e9caa8fd23945b95f985b97786f043505b1f53fd17c0463aff25c5caf93f4dcda700f3213bbbb5bd3df459888d7cc5f481f7703399084fe53

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak

Filesize
658KB

MD5
079fbd6adf806504199dd0b05c87c697

SHA1
4fec8c3bae9b48f92e35b609fc3977eda5de2039

SHA256
ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2

SHA512
722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak

Filesize
556KB

MD5
433dbeabe2d4c70255f1685ece8fb97b

SHA1
966c16c364b4f3ae6ccb8c5019c0b6bca75b593e

SHA256
dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942

SHA512
b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak

Filesize
282KB

MD5
1a505f3f30511c2b05eb29ee0e0bff26

SHA1
08d4002d32dc5ea8a9476495786f5d5c1bae7ea6

SHA256
27627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0

SHA512
d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak

Filesize
478KB

MD5
e21f45d7685b75be483013e1e8dc8237

SHA1
8f4cdd3dea580d7671117e9c49891212ab950686

SHA256
dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3

SHA512
b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak

Filesize
332KB

MD5
561050669f78bd04d0431de3eb98d160

SHA1
028a78bbaabe19ac338648ac95a8b944254e8d3d

SHA256
922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333

SHA512
2df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak

Filesize
245KB

MD5
54415acf2d54c65718c99ed78b4bf3e5

SHA1
311937480b01256a1e50d0556df9b4f9f9a46424

SHA256
3648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a

SHA512
4eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak

Filesize
192KB

MD5
883d5bdb19621922b028fe423b564e01

SHA1
04583af2525b498717373d2ba34b5c14948fb86f

SHA256
680639c1eeab57aa74a3e4ef8dd5540e7a380a6b2f7ae1fd71bf8ffb56d9af5f

SHA512
81ae1060d10df2cbf89c02440837e8300593f50ced01ebda2517e7273e164b6b0885f1bd3fc565c9f55bede927cb1defc34fc7225f70e374c5e775c53553ec52

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

Filesize
25KB

MD5
7a7d65e41e785a7a848f0b021cc0c0d7

SHA1
9d61357d9aaec43adb92b95dd63103c566aa2083

SHA256
e02e378326e351980325f9cbf4e27327ac03aabf85286e7636c99220da950806

SHA512
8f67d2e4ef55abffdc1062997cab7a44cc81e42b16174d88dad41939992903b7a9ce9c7775db10835d30cf4aaecfac7c8d6f2cd1611f17e40d3c66ee0fb928cb

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

Filesize
22KB

MD5
a9ce4896a111f0ea2149e25ddfcf27aa

SHA1
5f242727905a3f30263793e3095fff8fe7a3a0f2

SHA256
941d60fe4e4f1a66166e8fe75f885ab1086a4037a4627004e391d7493e3e8911

SHA512
05d0f13214d60fc4533652f5b1dc161f3f14c8b194d74e45a34412f97267fd69b7b19f1f647f348ebfbbd2551c4060e36e746a6a79963db7e78cd95c92dc4d3e

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

Filesize
21KB

MD5
5f5cacda94bb2384f9d6bdece58ac526

SHA1
c10f095a312e623b79c42ab7ca3f48130b348d62

SHA256
2b698fd5d6f4fd959c4a24b47b02c2e1a9f51a72a66cfab3ed72d8f667d221cd

SHA512
1ca9373b2eff0620d02249ab82fe46644f6452db36a2b61334cc258d2e9910200c33543f7794e0bdc69761f5b86aedacca0fe6491293ecd1df2992eaa5aaae99

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

Filesize
22KB

MD5
6b1fc0b4e861692c83e8f36848e7faad

SHA1
79e064008b2c2bcc63146664cdf1a63f1d5ab58f

SHA256
f5684f68c50b3f8f5c1ce0e1266e003f2099d3ae401c848b2cd30260a998feed

SHA512
0a15eded536ea683c4493af1f45f8bcfdc24ae69747386a6747dfb2bd3475f88f4d15d2ac77515eb5ce75b65870f2fe2337bdef0fae5758edd72684683a9180d

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

Filesize
20KB

MD5
623b1aacfbaf85b09a4e0c180e9ef178

SHA1
e41bfa201d627d093bf446eb39fab268528e5e32

SHA256
ce6bf3cbca52a1ae369199ee190272f6842a45e64da9ab6cac8b48842aa099ca

SHA512
83b91c326561b725483fa703d7bfc66a3eafc55a25772bb22251bc88869a30bf11c2c5aeabd5a07da8fd7f2d2b93ab2ba47edaf025f8055f6ebf07df99f9b77e

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

Filesize
21KB

MD5
ea49ac9605d0ddbff07b0e19d6d34517

SHA1
c17fef2467a8973db193de95f7b66e6f511529d5

SHA256
408c2ff8977fd6fba4ece99f547182394ab62d22401454344f48ea085707ebbf

SHA512
e45a6d19a570f496a30eb2b39991a04743d491ff85b29390e52be2a5e146f7819c2197cd0b0357120a0c5ad9c792059584e6c4fe8f8098ecaf435aad6a44731f

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

Filesize
25KB

MD5
da7a6902f658d02dffe24e7b29ae25a8

SHA1
2942cfd645e7de104aadb45d65976c073dd54a64

SHA256
0c28d5d9178465b76fab0f5d736962095ecd333d7b2b1775c31becd38aded023

SHA512
1079fc5da14e53157486609ec2faac6c88272c74c2acaa8a02f7cc698cd078f118bbdc9d979a40b183055dfd3104d1792d530b9bdeff4b1d1f12131a7f3253e4

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

Filesize
22KB

MD5
21af008aed42c6654b0a6eadd1fca98a

SHA1
9f1dd90654b10a1d56c0b7345de9226deafeac52

SHA256
7f9e11fcb9567e432cacc5ec0b399fcbfedcdb0838f21ee84641cc4eb7794155

SHA512
da2bcca88b89caff19edfc38cae25fb8aaf1805dc80c28b0e1a51f5de64ce7b5c671bceb2ceb897969906fe80477e47efb9df7cd377d62f8aa3ae9ae1200d440

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

Filesize
21KB

MD5
1d824987054f6109e386a2af3a2930ff

SHA1
f0103827d00e343161463cbb436a751135ab7c68

SHA256
a5c2f911ae2e891f152d08203e8e99e78735f09de4b7421fc6cf343987b48e34

SHA512
df45abf4e8b24683eb3314478bfa9820caa83799e7d685473ec963bc9f07d72e763eab14a80aaaa7e1e44232223efb43cc6e9ec777c028516e7831694994d8f2

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

Filesize
21KB

MD5
35c829fe17dd39d16ed9ed9d3c3a423f

SHA1
e2f498fb2ebd74647eea70edbe29d49dec3856f0

SHA256
a3a3183e5f85ef1d84f386deab1052871fe8ee1cfba2800cd6443459e3609346

SHA512
4a9db0e592d62cfec1ddf7fb1a67d2ed9338af50edce9582321d9ca798548cd65c53b810631cd862791c925cae2075a10f3183b02b5851cdb2cb2f54db229698

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

Filesize
29KB

MD5
c14b9c7f08c0e2a57ccfee06a7c5a05d

SHA1
c630e7233059006b1213807f8dfcb38295dde240

SHA256
b61b82dbc223e35f7451fb848978a79703b345c7a7728d60d59fb95171e11969

SHA512
15e3fe85a248c065429cfb52b5fa3f454d2440ac39612452974c7fe1fc890316c57a2b6c4137de36b3642276aa6791345e1b41af6628e80c4e7a3c6247dff6d5

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

Filesize
34KB

MD5
19402422b374354b36b182df60197aba

SHA1
75b68c2f7f9ef4730f0fe738f9477c543feb46c8

SHA256
d1de34e55cdb1a8abf9ad3bdf0c875b8f14825ac25df5526da98ced87588aefb

SHA512
c2f6991d15bc870a0998bfa74a939c66131f2d17485b3771e41fe876cee02050ece0c8a25cbca6720254ea8e25542fcab6ad569864a8443b5e3a0e266282490f

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

Filesize
21KB

MD5
3aeda0b485130bfc9dedff4b8fef1961

SHA1
ace8100a277ea0f8e06902d68c1c39061a44fb26

SHA256
3c465dcb8fe7197b0862637548d7c383574965666dd8305f5eb617444e9acfc1

SHA512
319cad94c82fd188103a0178a4aaa6433d57358a7fc99348522336fdc786946f2b08fd405fd104573d7aeab62248577a7ff6a27ad35cff50790d0eada45440f4

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

Filesize
23KB

MD5
fcbbad664f3eb4d57764f73eb0765942

SHA1
cfb0601f07f12a78993d701168aa93109fa891c0

SHA256
401a8d87d3057dc1b2dae6338c93ad8f5a5f7de628ea2d5fb94ab781f9d1a776

SHA512
aa077fa7ddf698ba5e619239025775ce81972af515d82d1211039e0c65e5a30524ced698dcc1b7a1e1c943992ab6ea8fd5d28dbdd5abf57ba0c246360e21f08d

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

Filesize
18KB

MD5
0d168bc28c89f0fd4bf3b7f2d9c65eda

SHA1
733690096aabff107a7b9a8d8a45c7a68aa9335c

SHA256
9a5032c277e2af24fc596e1d2f535dd8873530cdf055ef7b9a27b84a1e4bce88

SHA512
bb1e632e0c6aef6915ff178e9fb2b71173d1a3a00bfb294b59933e2d84f05642001d4201e42a2cbb7716cb4df039e4acc9ee24f91c784a48521039a2deedcdc1

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

Filesize
18KB

MD5
35dbabb7d08aae38d44bb326ccd10eea

SHA1
193c8df23ae63107227a1faa03658c91635af058

SHA256
c5ad750e534b3a1ef73e2b8b8aacdb5f591a72c366583f9ae1ca8138eae5979c

SHA512
75aa4b75b3a9d76d0306360c6dbb49b86a7ecf7c88d8f31f28918f5a93d623e578f8e5faeae95c11b82d17f161834f65970088fbd293a12fca9f9322b5fad3af

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\LocalGames\Impression.json

Filesize
2KB

MD5
e1697341a3b19bc2b1bbc8c10c2b82d6

SHA1
e9dcffc393e00cb92d69ace9ce003a6b17b8ce0d

SHA256
4c36df408d988222f4856eedb00af929bdc0275ce14456dc6662ca1d53ca5069

SHA512
87c0ca2837e8a49923ad1d049787405242507e94278c7a318574a55c13e5971adad2c5c996fe9ece7cc4b3f48346d770f4ff12db8169323a4570ca3cc30c3112

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
759B

MD5
e6164418a69163e2ea2ed829c1c5d62f

SHA1
d4e2130761b692d2dfe44a36998dbfa28cebd3ea

SHA256
4832eb368f09d33fd3830cfb0cc004a9d4b848106ea1f6399ed6d2b2e86ba16f

SHA512
194560662775b070b7ce51adb195b822e583003a3e5b4df0bc8a6e2e22e2a1bb5dc29a712e396f607f908f8348d7eb2cee582d05148daf0365bd07b4471d9459

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
4KB

MD5
7ced0032dd2e1c13a7388524267bc62b

SHA1
75ad1d5f3e1aac6c33bfd95da60ae5436ba0d186

SHA256
68bf31abf37d1c622c3c0bba1a24d89ada654f0e8884459a4b054febfd159886

SHA512
0c54acd00c9daf05eb8f3854fef28e4710c51fad88c37e1665f88e25c8b6b45aca1b49f90ab77725317a75e00a6355e213810e93eaf7662eacfdfde9c974a639

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Pie64_5.20.105.1004.exe

Filesize
28.9MB

MD5
6fc0c96f0abc97c69f131d65030f428b

SHA1
02b5102505c20355f8868dc4a06edc62a027d833

SHA256
de4a6b0db13d0ecdf45e15863183644cdfb7ff99f8f891fe441a2f2f86c8d640

SHA512
0f436a4d1eda33c7b98ff9630c1c7b0a8258fa28a4034e965ea556a0b85125d1e4e5042b1289127efe32deae2492bcab66ba6533000db2dc6d141ec20461e0ff

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

Filesize
791B

MD5
ddb66b55b3cdef9fd3e44dcc1793bbf1

SHA1
2ca4b379ca4d4f898d4669f8c494ddfa9914029d

SHA256
da18efbcf67b692e17308cf8cbdef114eea935487c4704824c1bb9223c318e2f

SHA512
3a1b5d72ee26f123b86694ae8396c9539db13d39c70f56fb7674ec62e6fbe7bab668cb515e0c8d3bd50bedc716475eb81f8a4663f4488dfa9ae627f2d2303f60

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000026

Filesize
58KB

MD5
fd6b2c5cb06594d123a92b6d0f2d0d5a

SHA1
1324b0dcdc81190c16b9770ea314d6e7d74fbd98

SHA256
e55686e03a257d7ac34d4370daa8ad7d491f41a486faa8920622f215402707c3

SHA512
a37c4894de6ef02fb0e38c3b9b47a25ea40c897e79edbe377cdfd975d3bf2c9ded28b66f618f7f4377ebefddfeee22d82ada8384dcdd518a2f012569a62fad86

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000027

Filesize
205KB

MD5
e301731fc7573acd03c186a8ee02dd99

SHA1
fc359a0c96a0242a4e9ecd2a593b929f287a3b4b

SHA256
2eb82585eb3cbc566ee7a1ea8ecfe4862ecfc8e9e4f2468c7e3a86ff60319c8b

SHA512
3234bc882cf458b2ffbb0688e895cc6a46693e86c9bff4886b6a1bcb846d1a886fbb42b32b7f3ade68fa60a168d96d6fa74c86b1a99f5473826622ae3ac19395

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000028

Filesize
164KB

MD5
58c2792457abbd7cb5eb8eeff69bb457

SHA1
72f44d46fa129ec82c238cf6ce6e9d0a6ad27c45

SHA256
0d226b76bc35cc209faaec4fa28e83be3db9cc3a7f45d1bd1dbd018526423924

SHA512
2c680d9aec47f414912ee60f1b0305f67df1e7181a62a0240c3db36cc16aec78fa5d4d340cb8038167c9c8de46ddc5bc61d17404f894c352689d11ecf75ee540

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000029

Filesize
179KB

MD5
fd9da14515ff83e27915421b08c847c3

SHA1
7731ddd883ed9ffa18cc17a05d93fcbc28e4d666

SHA256
fb67f5557823540732d5ad34b62622168b76f1b21a51f241d2beb2403e6aea73

SHA512
16f53aec3b6af24832f40550a31003b2b37f310ea205c454fc2a36a1dd1a22b1d9c7c93ea7ce02e41969cd69e99bdee3fe6a5eb60f03719bca96c4965ec17703

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00002a

Filesize
105KB

MD5
7c9a1d28a5bf205661ac7625dbb0217a

SHA1
1f390d221774b7cf8247dec3de79a4e8067cfc77

SHA256
855d89f3875b26742ca457efc4656f6a4c8379e64c022886f03683c45a88fe73

SHA512
93d215c64625f024b90bf664f0c958efd08e2b77b6b6dfc9ce9af1ba1f0b1ee0126f70a311f265d8b3c3ce0f69c6d8e58f89b347ab5015f665fe952b2ae00f3c

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.20.105.1004_nxt.exe

Filesize
11.3MB

MD5
3b47a412f0a82ba409825409b627f2a0

SHA1
9b856c5f57d8dac0bb129c056010021263bf0915

SHA256
818486f32196e01248df3f59e07901309f0d69c7a233405abe9379b2365b487a

SHA512
46385a88e94ffc6f8bcd509b9ddf4b5398351bf1ec8074e50b5988bad1108903c17dcd9275f889de2af989fb9f36713a5fbefd56a6b2cabec187827ce56a5d91

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.20.105.1004_nxt.exe

Filesize
13.6MB

MD5
bee45c65b0ef8c347ef23248aea1858d

SHA1
eb9abf3882c8f31b483b8f9d9f26e40c3199ac2f

SHA256
8be2042d0a2d72af549ccb24feb9d67aec5fe8334d1278366ab7f0fbf420a8ed

SHA512
1b4e133736381553581d14a87e52a2dfc9419a16a794d66634c99de5e54dc257a6820f7bf16ea8d146d37882c16ee34a01cd896ec544f53c003e764ce795ad81

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe

Filesize
2.7MB

MD5
1da539aa9af4847d6b9c78b4d9d33fc4

SHA1
78d9222a8eb42689906e1a17d7d6b544897e1eed

SHA256
7b6b4dfdeba204a2e4fe67d38fa1a5d94ac071317777c4d160044bc301c2e064

SHA512
2c2538bb5f3445a3b595aae8e1a0bc92fa998d51acb9ffb8f68e90b848be1d3cd52c0f916b85e6fd5a8e8232236374686133fedf9d685c61e24c95577cf12371

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\cache2\doomed\5891

Filesize
2KB

MD5
47b1d6f99ec29c6bcb1e9f233944818a

SHA1
a782354a518787ff860dea60a9d3c2404140cbb5

SHA256
a0748fbb9f8f1fc7a298333a82ce97820e106b7fe3177fd83312c7f522f21155

SHA512
ec3eed1c67ce549cbde336a0793424cdf4138c1b8b53eb09aeade601d9208e1d3d78d70fd234ba0950a4559c6da03499398307bf13cda31c58f5db5926c8b1f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X0O28Q5V\fb66abb1efeba1f10de790e34a3c0dba42d11dc6[1].png

Filesize
19KB

MD5
5e2fd00ef2d461eec5def4d6f9c6a885

SHA1
fb66abb1efeba1f10de790e34a3c0dba42d11dc6

SHA256
4a61982200d88980e7e6ec657e96bc0a29c77becf512d519be31f27a7e92f7a1

SHA512
c06c0e029c6a359121f4a655bf449e134015c856425c5ff096dcab3a86a5515e4a10aedcdb898ec6537008978842427856b83ada47a225c196dbd4662f6e1b61

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF5831C87360473593.TMP

Filesize
16KB

MD5
0696282dbe659e70cdff9e814948bafa

SHA1
f730f97bcf5eab19b267e111d8c27110190b503d

SHA256
8496ee7623f8c53ead79e77fe887e2bd9f3359a00bb538d18dcb1eb1f5f91cc4

SHA512
79de0ab29edf02e6ac7ce96de5467646fb08c425bab75880e2c01b07cb455144baa78039045d9058718815d7f40cf6ef2884870ec0e154badae5c64abe083f0c

Download Submit
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

Filesize
3.4MB

MD5
fb04ab4af62e016255707e4a7b24b602

SHA1
a1719a0d17eec3b0a33fc8e8d9c2cced47066e15

SHA256
044c93ed3792d72a8b8eb10d5928bca22838cbd61825613d4751972791c69fe9

SHA512
24bab19b9bf41fd662c2a6ef10350e489049cadfb5f8e46addbe34c77e586b6e271b17c250af30ce9ffd0bf230eeb444072cbcd41398213ca46a648dd964ed30

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS03BBB7DA\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\BlueStacksInstaller.exe

Filesize
622KB

MD5
c28a9f1f1317165e952381c229d10553

SHA1
1fe49cc78bed97a96ce5953edc4b13fb1345885a

SHA256
a509017008ed7e8b8f8ed8c167fb9343fec58ae452b40501dd06a936700d368c

SHA512
d78ecbe5cf45c7563660dd6641647e8e7f4467776783d74825d8947d1aa88f29560f862b7e8e39ce209563c489c95f0cf95881b0a7f01b1da28b4969351d3e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\Locales\i18n.en-US.txt

Filesize
19KB

MD5
206562eed57e938afe21fc6942fa8e59

SHA1
779e90fec866c0fd2f47da020651db71c89ec3dd

SHA256
27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45

SHA512
275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F65FC69\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA962.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA962.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA962.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9B3D.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9B3D.tmp\nsDui.dll

Filesize
3.0MB

MD5
e2535668c33fe381f3781a4f64419d32

SHA1
e2178f93f25e87541d68dda631534d5b8705473c

SHA256
ca2de7e82366bad18253c73af6e79a6806cdd8fff5f257ef6c2e6ea6c5cbe573

SHA512
6ac8f84d5f43dcf0cf00849013821ece47afe4ec4e38b17ef80c2a42dbf141b12994269f6b8d8aa6f8f083a5db297f8e2b10db4a8c26cd3782c0928d9c35c4bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\qtsi2nsf.z21\BlueStacks-Installer_5.20.105.1004.log

Filesize
127KB

MD5
fe69dc8e43418f48a1f455322350385b

SHA1
11121e9af62372e76a09a688b3feac2e5898bbc4

SHA256
e6d56910caae251efb7f5ea6e64e55987398ebea2ba2595edbeef07814981b99

SHA512
c878a13bdb11ca85e16eef4ca27405b9c7fd9c857e49e571743b6ef8a92b1e5a0877b4b752810bc09ffef062d8515b44a97173382250ac3c91da37200242f39a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
03f0ee2d0a189fa4930c774cedd57b0f

SHA1
13614347a4a0a3d700033c2e79c8f805832dc999

SHA256
4b762f77e2df12128714a979ee8a03c1534f689243a60cd3fc99ab827974e0c8

SHA512
5b9de0475d25185c8ae4620949cf0dd74e7f2ade245810fc9b1b988050a205d08b048f30469ee8700e79429096452414e7181c2cbdc2fbe2f07303d67229a726

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
fc16cdd9943babf761154fa267f1d57a

SHA1
c14367b6c8300f89a770653a9cf34755c11b5aac

SHA256
8049ceb7affc7ef5430ec17ade8597765e861d7fbf46bb31d99c2a57092aef3f

SHA512
1289ba1f4abea09257f7d4c09e21da81ea123f6e5130147c863bf491662c161ef9678ba07b7b2483ad7d2dd5f8c5cc69c91adefe318b6897436f1b81026780be

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
9754630f6715aae0e40d2b6d793c190f

SHA1
6411f25b31ae2c28e6e2c091e1f50819f2238d44

SHA256
c595fb73adb0a201592b830e34e2a94e951e022187fc42fcbf885ffbbc2c59b7

SHA512
522e23ffc0e04fff311ebad28204f4c0cd2d32e2fc57fddedeca6ad4e0901bf9cfce3f624e214474c1310118fba43e601442ef8f4ce07b159826f3ff008340ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
1940e0ee0f1c9069831c3ea17e8b631e

SHA1
fad2e3b822d13bc9e032304be1d95cfc111430e3

SHA256
0b8f8ac0e39c8ab6f68b2b0902a3b2f9fef80319bb7870be06efd7eb4b110e6c

SHA512
e1f3a5f45d48cc00f65156694922a0a04659c93f0c4609f004869ddb5f552f990c94d1f4133cf7c0a331d1eb857e1b3acc672f01559e9795077554ee289972a8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
6d1c78fd21583f08515652d3936035ad

SHA1
6dbbe5c76eb1a9e6e4df6e288150db2bceadd350

SHA256
af1271bb57f18b572e82d5a9680b27591aa78c186c2975159a1e84ca13cd414b

SHA512
92d95daf17c94d5c5f416f60e5cefe3fe25a135f89b858e5fb35a83d5676fa49170b14839743fdbefcb963dc659af3c3098859691397c473377f6f9054887a4f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
fecfe970e481c5d868db6ccb5f04da8d

SHA1
5a739add0d883c7dae23efbac61a1c7ff4223a88

SHA256
74ed37d7d98488846afd53ec9ffe26aa73205e863a0094c867c1c6c248399eb4

SHA512
ad942baae39fdac16b8aff295368d9aa0d1741e3e4bff4e11a7e596e278b4ec90d1237838fe5b7c7b79ba37b566aa08f31f3239ae302f7580e32d3a3d4fed6d1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
56c46ce26371f4b88b705997003fe209

SHA1
364f34cbb86e789c27b350ad3859ed1b63122d26

SHA256
68479c66f45b0a0682449f4517ac860e4ccba6cdc7ef6a438c9639fe0499c779

SHA512
7531f7641030e37479b6a517d167ae9ceb8f931cf4961d8e2e36e599c4a30ddcfe94292eadf48fb569cfefdb642fb412c2406a79fa64ced3ae64fba56b427686

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
87e7f10c5f807f6917c57fba1bf61609

SHA1
907b7aa82871cd57ff29c7d2c8838f1445c9e0fb

SHA256
d3fbeba2d63a35f5ea4fab77d85eb3d4961f2425893a45972a3a51ad7a2e049c

SHA512
e42cde140b97b019ab9ed225775a6cf2514a2ff58cb6d2db1db41205d2320ca0be1ac82253525a372bbbde296a4fc748a529dc72c2a1d0db2d6ad7e24653648e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
96aa001230d2d632515b442e79c16076

SHA1
39a3a9d6232d79f0527e84500bf34e310c4cd242

SHA256
d0de5de19b489df9169e9aac9d64d5e190ae0a9587a2bf11472aa66d858030f7

SHA512
85b99266768554f5f9a74b813db980cb8535a333dee674e48b29289afdbf1f3da238ee78fb9199873100b36262aaf57e3ecc075c44e8263ac7e9346292714f37

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
a4c0dc0c7bb3cf45af0e4abaf52662ab

SHA1
b57e9f169526bac73b1b86e31a59f0c853adb1bf

SHA256
46275ed7cee2f4d54b94dbb56892406728b8c0aab033a60c523a9f07afeb425f

SHA512
1604a7027261456bc152efa26c1ab6717c0e6d211fc9c2f02368235cfbb710db4ea2adeb0dd4eaa3c786b95048b1eae1c51248e93b747c4ab8242a854acfeeaa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
7ded5979dc8080e5adb2e2fb52c710f8

SHA1
949179e3cd332765e22042f2c36fa9bf09f1e10f

SHA256
11af5a8a6b5b8135a0f8d03de6cd6244bca2033ac3caff5044f1c6a5d7a8c008

SHA512
3c2337d996f261e5141ef25e963d7b32919d83ac90431bc259450ddd7837b252c9b10a3987e8c3121abaaa52b87e51661893a26aa5d8a9455d375b3b1b4c2fdd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f820cf0dda70713053b960c1c6a00138

SHA1
e2ff34c18e3a1d195e44248f1ac93ba0db0f53bc

SHA256
7bf17d173fe64ad3198ed145f13506f235c286ef3ec315b73182c56fd1bf46ea

SHA512
e9506600a1456b938bd0c72b6d06de8852b1607a7f6a61607ba452208f844de676b6ab338bf45d2831c7318de87a62b82cf82f1c6ca8034a85990945c60bf1e4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a8da896daa2112b61d696e4ecbef2439

SHA1
07f30b5e731930c32323f37d2b138e95159ddd48

SHA256
92f6149f9717724f820bd442fee29aae4d9f817a1f6450cda1eec8dc3e7251c8

SHA512
87da7034b54a02d6d08b4f6392f140050d6aad896133fe1c9667b93db0ac460caff0397969ccf0b36777408d46cf68a3a174342608819015aefec2f52cfd4748

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fbbd5d013fb0290b745bf99f61182c4f

SHA1
d708ed1d896595cd39994e80c1dc53bbc0818eb3

SHA256
8013283e5f25d0bd7743fd04399b1f68a4fe02a1735a9e63482955f1c386bc25

SHA512
01220cbe3ddf37bbefdfd18e531190475d11acda94dbf44413a79afa8d19a857c5f499720addc3f95278e9ef2e15506594986029f177f3b8778cde5e29e350e1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
db3e99fb3acb249bcb43ff2c3d4f7f07

SHA1
07eaa30e96e63ecf68b0ae5ca9a9c1f883da9d4f

SHA256
f32def63b852808beff1e71d765c57a4d634270c749cba188fbb8763d34c1d2d

SHA512
ce4c9d6b05da013eebeefb5a2a22666d89fbf1ae2f289c2de66a4081f320a90203a91236832327847a03bd2b78595b6dfa6344cdcf2810b703e9e3fd3cab8bd8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0d1f46dcae7aad8dcbbd0b5b3cae4c7f

SHA1
6577c3572ddae194f7430684c95f15241664aa43

SHA256
99d3fe96db369f696ede0c1c9b2f418519d4af281d12da3fee96db7ce4aab9a4

SHA512
a21da21154e14a31acaade372d372c18a58c608be92dded1a6db5fdb2266deb35878ba1f9250f1f9c1f16269c922d3abc8d4ce98f1d6b7868ad05a6965d22712

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
43c7ad0586b9ae0d9f3fb11548eb42db

SHA1
44b55090ddc3e6a5cc330d6f9b403b7c4af091c9

SHA256
c9ce30db0028a11f8cd0e6cb24058f64cc682e53382dd73427c9b75d2d0d36ee

SHA512
d67a91375817e2aae9836ce5813c5183ff7461a6fa1ab97f1b32ada6c0916aa89a5be76f12497fbe74ba6af905216610f213c641524dadbac177654ed3fbaec0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
dc9e8164c7af8169d33ccb020e786cf3

SHA1
168628ff853c8d9e5c2a715df4bc177a80555d34

SHA256
8a171cf5a91c4e7d120a0d5f8ab4c4408c8e87ff40ad38bc301388862fd67895

SHA512
2b11031b9f5179f426d7025729de1b761b4a95b6963f141f46fd635848dd8919fabfb321d88a256749bc95d64d91d854252e2f14a2cd4deea9f0431bb3539eda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b132d9df75cc56eb1be8e6782824c9cd

SHA1
36508bf2572ce938071e60a9fd33bafea2e64300

SHA256
e2d774d260a069eb7b55558564aad81e2c24fb80f38f87d460a1d352e228d238

SHA512
d0e82131d6284ecaab9aed38c54a437f52d4b4c20a0251b8f070a997f69ef2dc21e934bb8baf1e25e94bdfd7e26ff6e10616a0c4afce73d4a0868b8d57307a52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\pending_pings\249e7a74-52d1-41c1-ac1d-33b26501728b

Filesize
746B

MD5
f92d54ea67434f1b70a135c5999c54c6

SHA1
6584ee000f2ff38f8dcef2e244205d1401ff9d34

SHA256
1ba55dae7b811aac467c0560ef8128c92ee654c0cbaf3c22bee6bbcd948b801c

SHA512
0ff7ba4594552a8cf38edfdcf179d99b627c5307aac081d8b17f1fbd203fe330c343ab6fa1890267c7b2253b54bddef2dbb5b38dfa5f49dde0a277c0f9ba86be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\pending_pings\e2fd1c49-895e-40b0-a114-d82b9b3bd890

Filesize
11KB

MD5
94fe86a130e1e3f3e9fa0c72bbf3d2d4

SHA1
4971636d307a72e60aed70609c2cc012997d3588

SHA256
9707de08dccc8701a9a95ce09b43d5139f983eebc9487a00153fa40c5c7060ca

SHA512
9a72c785628a48cb2d41caddfe53707207e5310e3a7258cc470b5b13108e70a09ef88da0d1d80e49bdf5a24feb266c6c27bbb43d6c91bc6dd29e4c0b0b9e328a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

Filesize
6KB

MD5
756b7f0100b3ce49d69736ac6b96ce56

SHA1
58b08a4c0d95f7a468d176e0c7b2fde7ae397da0

SHA256
63897d6932fe03574705a0edf3155db8472ca8733d719aadddd0049faa89fe51

SHA512
85ffdc5f1935683933149c3dd196f1effc1f52509dfed16b9498e1f3aacf1f34c60f399a4c40e0a4fa1ee187b6e365f6e367362a7e727c724243063b7c80a6a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

Filesize
6KB

MD5
f1a3a59750d9a7067c236990c1c9c17f

SHA1
50053e046a14e8d2435bbd841243a2a75eca41c4

SHA256
98f17af414f1d840b7e7eaabe40621dbef97fff2548a60ce480bbedd60ac11d8

SHA512
e235adcac4d1a297ffd6d9f0ebf9d6e5ac196d528334cfff21c29337b2f9d23efd10f75e20e6d786d1ed049efe8799ce4ccae3ba35cd7875f754f805d0c46e4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4026543f341f269f034961cc63796823

SHA1
b1097f73cd15f3d427b7d04f43657dca9bf23838

SHA256
82cd0c3134fe1984350ce4bbc142a983854c331a69c96501e9d3c14da0e0d295

SHA512
76cc1a2882584e0f3a10be727b79aace6d9ab62a422eaacaf01e64c6347cb75e23639e5820634d9222491dc04c8a611feefc7b90e8d4755d0effc65d32a607aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3dc0ae10f610066dae09654356bbe595

SHA1
387ec4d8900766aa89d15395fa576e5216acdb32

SHA256
65e94a31ebed4b2f36f1e637067e4fd3b7f8ee56e7ac2c364dfd82048f87ab9c

SHA512
d3d8f643eb901fdd382564205843623970ae6732146a830843dc53f6d62b47d51a0bae923086687c93349c1ddc83d967ed14afb324bc14593caf2f53cebe06b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
c276d24effdd6da2d131fe03e5b8dfb6

SHA1
69adeb94aa79ce02856e02dfc53ed24da693f1a0

SHA256
efd9e2b96950c3b971007730c2d9091496a1499286c9ae4f0846f0e491bed36e

SHA512
d004f7dca0c6e4101810e174470dde170a01459d13aaff5a55be92e11be63578566da4a8d568d70fc58ebdf2196bbb1108a104f223b7af9dfeafa6235f075355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
39046ca9f94c588f4eaf82c803b9837b

SHA1
532e588b3b2d845eb024a72b40900385b9341065

SHA256
3ece48d2ba16d1f02da5ee5ab5fae87be75e80d682f8012404de14f14c021353

SHA512
b9d0c4058415f1a49af761ca4c6278f2a7f46acbc84585870ad92e851e4db80fc5ece8e366fb700fb2cf707f114aa96eccfad50a1b84375103b4f4ed53678c76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore.jsonlz4

Filesize
17KB

MD5
a120be7b19f8c89e7f6c34f789a4041e

SHA1
f174b8967cb65285d2ab45318ed5850610921de3

SHA256
28cced4eb452523561672dbfd9b1e9c190f711e3e08f9c9a53a71461e40ab0d1

SHA512
2b857bf6990a9aff22c1fcde8be70c993e2104547af5ea29a984facb56ecd6fc7859aa3ab111db39a4191d357d80aa8631cd2b396e6974af82ddd8a077e006ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
cce9aa2d663e6ce1db4bf06c64a0d318

SHA1
82a957cd007577c21cbe7e876f054cad3fc6fb4a

SHA256
8575d1ead68838c4a1d7f48157e4773a15ede878be4064b2c5fd70bb32218471

SHA512
b537881517a387dce0a768b97e3014bf6be54f5e357b37a6e5fbdc9fe536e271b3045e24a2c1e53442ec060e327976400ea281ad3901f5e52f07cb24e5948d0f

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
584B

MD5
f6615f3d0734851514b2efd1579fa30f

SHA1
c15eae155da2f85f2e24dadc015b336038f4bebc

SHA256
329a20c78aa6a30ac2e48d732776065263481bee93d889dc4e6981385c5de884

SHA512
44cb098a06d390a9018ccd93d9bc3f5de2e540d5e1d622375d0934d3ec7d0aa2cc029545092768a448f590e52b88f448c801ed8d41ea3039a92e8894b051acf6

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
c45cbf360a6ca5e8250b13d0802c9aa7

SHA1
a24d9e2ebf8dc13367696653ba9c761fa62b2354

SHA256
30cf7ab551c23dcd8124b42bac5edf5d03e686bd5d71ce8c637464237afc8b3a

SHA512
e2531328a8447fc356dda3728d13589a9b4185d3fa995ac32957b3ccf9da2b11d789f870c58202940251343617338302d2ea76e8ffb27a9a78b8e69e24666398

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
858B

MD5
0da1f57c7f45da3d180850c9ad5849eb

SHA1
ef446320944b704d16709d5a1cb9907ec251196a

SHA256
9f5944f5f50971fc5697ec3d5064dd503acb975a1848f45febe076ffed8c51f5

SHA512
c1508872fe832d9a7908d4e3b17f006b13c2113e891bb721a7d3a4c8b238c70f1213e8fc316009e4a6857b27ada0299c9ba23b8666fa574a82c80a6d9905a50a

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-7577335514d1959d

Filesize
92B

MD5
45e4c322ddb06affa08689a82adf0f85

SHA1
e75c5302bd38d0cde3d22de03c704a48b2261bc5

SHA256
3de678a5ee14979837d8384d490682f920051d05b463045542eebc058d70732b

SHA512
53686ef5587cd1773fa3256873dd6254c9db6d6615b1ed885883e30f18ad09253a843481773c3bff2de785a7b8dc081b0f37511b4a363bab18571bb9b41f2801

Download Submit
C:\Users\Admin\Downloads\BlueStacksInstaller_5.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe

Filesize
910KB

MD5
8a3a29b33fe8ba5232b90d95f8f78f50

SHA1
844a8db998948ba835d66174bd93174a68a7aeeb

SHA256
81cb7e6ec706cc389628e30765ef8b578afef21c550a3576987b4c4ae21415e5

SHA512
6f5c1e1bcce0460b302d7af268a5315f2e1c94b7e9119fd1c0f4742c5d826b04815b7b55624e17a03ff4a1ead1c2bad028a09ce419692208b0bb450494837bc6

Download Submit
C:\Users\Admin\Downloads\BlueStacksInstaller_5.XRAbCaaL.20.105.1004_native_58c998f4456358c55de5c6b20e3fb6b9_MDs1LDM7MTUsMTsxNSw0OzE1.exe.part

Filesize
34KB

MD5
d46ddc7f3c4efc64570d7b286d6b0c4b

SHA1
a0498326691d5922b8222580821bdbd6cdeadc81

SHA256
72969c940c4b7795c20c1d973ecc434d2fece14c503c1d43011830647721423b

SHA512
27f8bd84df8c0197fa8fc585999e7a282fa92d9b860ea30255619543b36eb625038e58e8570ea7da18d7bb3680a853e2b4d583844ce1609bbbb50967ba5c8ccc

Download Submit
memory/696-31-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/696-13-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/696-11-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/696-257-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/1932-9324-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/1932-9322-0x0000000000F90000-0x0000000000FB8000-memory.dmp

Filesize
160KB

Download
memory/1932-9323-0x000000001BB80000-0x000000001BC64000-memory.dmp

Filesize
912KB

Download
memory/1932-11387-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/1932-11274-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/2356-33-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2356-12-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/2356-256-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/2744-12067-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/2744-22890-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3136-11336-0x000000001D4B0000-0x000000001D4D2000-memory.dmp

Filesize
136KB

Download
memory/3136-11335-0x000000001D470000-0x000000001D478000-memory.dmp

Filesize
32KB

Download
memory/3136-9325-0x0000000000BF0000-0x0000000000C44000-memory.dmp

Filesize
336KB

Download
memory/3136-9326-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/3136-9327-0x000000001BE30000-0x000000001BE40000-memory.dmp

Filesize
64KB

Download
memory/3136-9328-0x000000001BE30000-0x000000001BE40000-memory.dmp

Filesize
64KB

Download
memory/3136-11277-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/3136-11385-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/3136-11314-0x000000001BE30000-0x000000001BE40000-memory.dmp

Filesize
64KB

Download
memory/3136-11315-0x000000001BE30000-0x000000001BE40000-memory.dmp

Filesize
64KB

Download
memory/3136-9331-0x00000000212E0000-0x0000000021360000-memory.dmp

Filesize
512KB

Download
memory/3136-11339-0x000000001BE30000-0x000000001BE40000-memory.dmp

Filesize
64KB

Download
memory/3136-9329-0x000000001BE30000-0x000000001BE40000-memory.dmp

Filesize
64KB

Download
memory/4064-30-0x0000000006390000-0x0000000006391000-memory.dmp

Filesize
4KB

Download
memory/4064-4-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/4064-1-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/4064-0-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/4064-254-0x0000000000B30000-0x0000000002267000-memory.dmp

Filesize
23.2MB

Download
memory/4064-243-0x0000000007A10000-0x0000000007A11000-memory.dmp

Filesize
4KB

Download
memory/4064-92-0x0000000008850000-0x0000000008851000-memory.dmp

Filesize
4KB

Download
memory/4064-95-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/4064-22-0x00000000063A0000-0x00000000063A1000-memory.dmp

Filesize
4KB

Download
memory/5124-853-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/5124-854-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/5124-864-0x000000001BC60000-0x000000001BC68000-memory.dmp

Filesize
32KB

Download
memory/5124-837-0x0000000000320000-0x00000000003BE000-memory.dmp

Filesize
632KB

Download
memory/5124-838-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/5124-881-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/5124-882-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/5124-855-0x000000001C500000-0x000000001C538000-memory.dmp

Filesize
224KB

Download
memory/5124-884-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/5124-878-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/5124-851-0x000000001C550000-0x000000001CA76000-memory.dmp

Filesize
5.1MB

Download
memory/5124-849-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/5124-11442-0x00007FFBE47A0000-0x00007FFBE518C000-memory.dmp

Filesize
9.9MB

Download
memory/5124-841-0x00000000025D0000-0x0000000002638000-memory.dmp

Filesize
416KB

Download
memory/5124-839-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/8748-12250-0x0000000005FA0000-0x0000000005FB0000-memory.dmp

Filesize
64KB

Download
memory/9100-12252-0x0000000006D30000-0x0000000006D40000-memory.dmp

Filesize
64KB

Download