71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

Analysis

max time kernel
390s
max time network
380s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksMicroInstaller_5.14.22.1003_native.exe
Size

900KB
MD5

4611f5bcd1dce6d2d0e0bfafdbc70c84
SHA1

5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128
SHA256

71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2
SHA512

a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3
SSDEEP

24576:9ivtCXWeGKoFGMO0Ut0gnMAsw6DqpOYYR5:AtCXWP9c8+M3ZT5

Score

8^/10

discovery evasion persistence spyware stealer

Malware Config

Signatures

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 8 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5628	netsh.exe
7712	netsh.exe
6700	netsh.exe
6332	netsh.exe
4128	netsh.exe
6032	netsh.exe
4340	netsh.exe
5372	netsh.exe

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BSX-Setup-5.14.22.1003_nxt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksServices.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksWeb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacks-Installer_5.14.22.1003_amd64_native.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksMicroInstaller_5.14.22.1003_native.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksMicroInstaller_5.14.22.1003_native.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksServices.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacks X.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	BlueStacksWeb.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BlueStacks X\image\settings\Icon_Close.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\MyGame_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libnormvol_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Setting_Default.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\access\libdvdread_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libalphamask_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpsychedelic_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\te.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_nl.qm	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\codec\liblibass_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libfreeze_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\libssl-1_1-x64.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_splitter\libpanoramix_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Styles\Base\TabViewStyle.qml	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Help_Default.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\nb.pak	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_asf_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\ComboBox\ComboBox_down.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\js\flexible.js	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt5Xml.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Styles	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\chrome_100_percent.pak	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\msvcp140_atomic_wait.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-math-l1-1-0.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libextract_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\loading.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\wallet\logo.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\libEGL.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\LinearGradient.qml	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Tutorial\InstantPlay\Icon_tip1.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Qt5Gui.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\GaussianBlur.qml	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\discord.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\mgr_hover.svg	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\msvcp140_codecvt_ids.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libpng_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\misc\libvod_rtsp_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\Qt5Quick.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_mpjpeg_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\meta_engine	BSX-Setup-5.14.22.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\mygames_cloud.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\language\ja.qm	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Templates.2\qmldir	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\imageformats\qwbmp.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Tutorial	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\nowgg_logo.png	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\quest.svg	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Assets\installer_bg_blurred.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Private\CalendarHeaderModel.qml	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Tab.qml	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libalphamask_plugin.dll	BSX-Setup-5.14.22.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\mediaservice\qtmedia_audioengine.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\private\GaussianGlow.qmlc	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak	7zr.exe

Executes dropped EXE 38 IoCs

pid	Process
864	BlueStacksInstaller.exe
3396	HD-CheckCpu.exe
748	HD-CheckCpu.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
2528	BlueStacksInstaller.exe
4888	BlueStacksServicesSetup.exe
4420	HD-CheckCpu.exe
8328	BlueStacksServices.exe
7744	BlueStacksServices.exe
7424	BlueStacksServices.exe
6780	BlueStacksServices.exe
8740	BlueStacks X.exe
8248	BlueStacksWeb.exe
8168	BlueStacksWeb.exe
4524	BlueStacks-Installer_5.14.22.1003_amd64_native.exe
4576	Bootstrapper.exe
5420	BlueStacksInstaller.exe
3516	7zr.exe
8764	7zr.exe
9020	HD-ForceGPU.exe
7244	HD-GLCheck.exe
1556	HD-GLCheck.exe
5648	HD-GLCheck.exe
6148	HD-GLCheck.exe
6564	HD-GLCheck.exe
556	HD-GLCheck.exe
5812	HD-CheckCpu.exe
2624	7zr.exe
8768	HD-GLCheck.exe
4764	HD-GLCheck.exe
4768	HD-GLCheck.exe
8816	7zr.exe
8108	BlueStacksServices.exe
3676	7zr.exe
6280	7zr.exe
5344	HD-CheckCpu.exe
6076	7zr.exe
8008	BlueStacksWeb.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
6232	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacks X.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	BlueStacks X.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2768	tasklist.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{AC85FB14-FDCE-47A4-B860-6CE7AA2205D8}	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\""	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0"	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs\shell	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\bstsrvs\shell\open	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX	BSX-Setup-5.14.22.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.14.22.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon	BSX-Setup-5.14.22.1003_nxt.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c00000001000000040000000008000019000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	BlueStacks X.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
8740	BlueStacks X.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
864	BlueStacksInstaller.exe
864	BlueStacksInstaller.exe
864	BlueStacksInstaller.exe
864	BlueStacksInstaller.exe
864	BlueStacksInstaller.exe
864	BlueStacksInstaller.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
4884	BSX-Setup-5.14.22.1003_nxt.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
2528	BlueStacksInstaller.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
4888	BlueStacksServicesSetup.exe
4888	BlueStacksServicesSetup.exe
2768	tasklist.exe
2768	tasklist.exe
2528	BlueStacksInstaller.exe
2528	BlueStacksInstaller.exe
2528	BlueStacksInstaller.exe
2528	BlueStacksInstaller.exe
2528	BlueStacksInstaller.exe
2528	BlueStacksInstaller.exe
8248	BlueStacksWeb.exe
8168	BlueStacksWeb.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe
4576	Bootstrapper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8740	BlueStacks X.exe

Suspicious behavior: LoadsDriver 7 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
864	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	864	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	4884	BSX-Setup-5.14.22.1003_nxt.exe
Token: SeDebugPrivilege	7916	taskmgr.exe
Token: SeSystemProfilePrivilege	7916	taskmgr.exe
Token: SeCreateGlobalPrivilege	7916	taskmgr.exe
Token: SeDebugPrivilege	2528	BlueStacksInstaller.exe
Token: 33	7916	taskmgr.exe
Token: SeIncBasePriorityPrivilege	7916	taskmgr.exe
Token: SeDebugPrivilege	2768	tasklist.exe
Token: SeSecurityPrivilege	4888	BlueStacksServicesSetup.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe
Token: SeShutdownPrivilege	8328	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8328	BlueStacksServices.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
7916	taskmgr.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe
8328	BlueStacksServices.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
8740	BlueStacks X.exe
8740	BlueStacks X.exe
8740	BlueStacks X.exe
8740	BlueStacks X.exe
8740	BlueStacks X.exe
8740	BlueStacks X.exe
1132	firefox.exe
6564	HD-GLCheck.exe
4764	HD-GLCheck.exe
8740	BlueStacks X.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 864	4716	BlueStacksMicroInstaller_5.14.22.1003_native.exe	87
PID 4716 wrote to memory of 864	4716	BlueStacksMicroInstaller_5.14.22.1003_native.exe	87
PID 864 wrote to memory of 3396	864	BlueStacksInstaller.exe	91
PID 864 wrote to memory of 3396	864	BlueStacksInstaller.exe	91
PID 864 wrote to memory of 3396	864	BlueStacksInstaller.exe	91
PID 864 wrote to memory of 748	864	BlueStacksInstaller.exe	93
PID 864 wrote to memory of 748	864	BlueStacksInstaller.exe	93
PID 864 wrote to memory of 748	864	BlueStacksInstaller.exe	93
PID 864 wrote to memory of 4884	864	BlueStacksInstaller.exe	105
PID 864 wrote to memory of 4884	864	BlueStacksInstaller.exe	105
PID 864 wrote to memory of 4884	864	BlueStacksInstaller.exe	105
PID 4884 wrote to memory of 5992	4884	BSX-Setup-5.14.22.1003_nxt.exe	112
PID 4884 wrote to memory of 5992	4884	BSX-Setup-5.14.22.1003_nxt.exe	112
PID 4884 wrote to memory of 5992	4884	BSX-Setup-5.14.22.1003_nxt.exe	112
PID 5992 wrote to memory of 5776	5992	WScript.exe	114
PID 5992 wrote to memory of 5776	5992	WScript.exe	114
PID 5992 wrote to memory of 5776	5992	WScript.exe	114
PID 5776 wrote to memory of 6032	5776	cmd.exe	116
PID 5776 wrote to memory of 6032	5776	cmd.exe	116
PID 5776 wrote to memory of 6032	5776	cmd.exe	116
PID 5776 wrote to memory of 4340	5776	cmd.exe	117
PID 5776 wrote to memory of 4340	5776	cmd.exe	117
PID 5776 wrote to memory of 4340	5776	cmd.exe	117
PID 5776 wrote to memory of 5372	5776	cmd.exe	118
PID 5776 wrote to memory of 5372	5776	cmd.exe	118
PID 5776 wrote to memory of 5372	5776	cmd.exe	118
PID 5776 wrote to memory of 5628	5776	cmd.exe	119
PID 5776 wrote to memory of 5628	5776	cmd.exe	119
PID 5776 wrote to memory of 5628	5776	cmd.exe	119
PID 864 wrote to memory of 3620	864	BlueStacksInstaller.exe	120
PID 864 wrote to memory of 3620	864	BlueStacksInstaller.exe	120
PID 864 wrote to memory of 3620	864	BlueStacksInstaller.exe	120
PID 3620 wrote to memory of 2528	3620	BlueStacksMicroInstaller_5.14.22.1003_native.exe	121
PID 3620 wrote to memory of 2528	3620	BlueStacksMicroInstaller_5.14.22.1003_native.exe	121
PID 4888 wrote to memory of 2348	4888	BlueStacksServicesSetup.exe	123
PID 4888 wrote to memory of 2348	4888	BlueStacksServicesSetup.exe	123
PID 4888 wrote to memory of 2348	4888	BlueStacksServicesSetup.exe	123
PID 2348 wrote to memory of 2768	2348	cmd.exe	125
PID 2348 wrote to memory of 2768	2348	cmd.exe	125
PID 2348 wrote to memory of 2768	2348	cmd.exe	125
PID 2348 wrote to memory of 3048	2348	cmd.exe	126
PID 2348 wrote to memory of 3048	2348	cmd.exe	126
PID 2348 wrote to memory of 3048	2348	cmd.exe	126
PID 2528 wrote to memory of 4420	2528	BlueStacksInstaller.exe	128
PID 2528 wrote to memory of 4420	2528	BlueStacksInstaller.exe	128
PID 2528 wrote to memory of 4420	2528	BlueStacksInstaller.exe	128
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131
PID 8328 wrote to memory of 7744	8328	BlueStacksServices.exe	131

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.14.22.1003_native.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.14.22.1003_native.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\BlueStacksInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:864
- - C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:748
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe" -s
    3⤵
    - Checks computer location settings
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4884
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:5992
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5776
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        6⤵
        Modifies Windows Firewall
        
        PID:6032
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        6⤵
        Modifies Windows Firewall
        
        PID:4340
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:5372
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:5628
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller_5.14.22.1003_native.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksMicroInstaller_5.14.22.1003_native.exe" -versionMachineID=a9dd727b-abb0-4b1c-9b65-d355137ec934 -machineID=a81edc95-1550-4cd0-bb75-aecbfdab0128 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.5.22.1006 -country=GB -isWalletFeatureEnabled
    3⤵
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\7zS42E08BC9\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS42E08BC9\BlueStacksInstaller.exe" -versionMachineID=a9dd727b-abb0-4b1c-9b65-d355137ec934 -machineID=a81edc95-1550-4cd0-bb75-aecbfdab0128 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.5.22.1006 -country=GB -isWalletFeatureEnabled
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\7zS42E08BC9\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS42E08BC9\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        
        PID:4420

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7916

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2768
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    PID:3048

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Adds Run key to start application
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8328
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1728,i,5256494182815163423,16788456315991893942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:7744
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:7724
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1728,i,5256494182815163423,16788456315991893942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:7424
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:7388
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:7232
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:7120
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:7204
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6968
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2652 --field-trial-handle=1728,i,5256494182815163423,16788456315991893942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6780
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:7648
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:7348
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:4680
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:8708
- C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe
  "C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:8740
- - C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
    BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:8248
- - C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
    BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:8168
- - C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe
    "C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe"
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\" -aoa
        6⤵
        Executes dropped EXE
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\" -aoa
        6⤵
        Executes dropped EXE
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        6⤵
        Executes dropped EXE
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe" 1 2
        6⤵
        Executes dropped EXE
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe" 4 2
        6⤵
        Executes dropped EXE
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe" 2 2
        6⤵
        Executes dropped EXE
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe" 1 1
        6⤵
        Executes dropped EXE
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe" 4 1
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe" 2 1
        6⤵
        Executes dropped EXE
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-CheckCpu.exe" --cmd checkSSE4
        6⤵
        Executes dropped EXE
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\\HD-GLCheck.exe" 2
        6⤵
        Executes dropped EXE
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\\HD-GLCheck.exe" 3
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\\HD-GLCheck.exe" 1
        6⤵
        Executes dropped EXE
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        6⤵
        Executes dropped EXE
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" x "C:\ProgramData\Pie64_5.14.22.1003.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
        6⤵
        Executes dropped EXE
        
        PID:6280
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        6⤵
        Modifies Windows Firewall
        
        PID:7712
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:6700
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        6⤵
        Modifies Windows Firewall
        
        PID:6332
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\HD-CheckCpu.exe" --cmd checkSSE3
        6⤵
        Executes dropped EXE
        
        PID:5344
      - C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        6⤵
        
        PID:5556
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        7⤵
        Launches sc.exe
        
        PID:6232
      - C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\tq00xn1t.kre\RegHKLM.txt"
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\tq00xn1t.kre\*"
        6⤵
        Executes dropped EXE
        
        PID:6076
- - C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
    BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2604 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:8008
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3428 --field-trial-handle=1728,i,5256494182815163423,16788456315991893942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:8108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6408
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.0.643538913\42207514" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0adf893-7609-4e88-bf35-ba3b827225c8} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 1960 1ffa9bb8b58 gpu
    3⤵
    PID:6856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.1.1325049865\1623673153" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcdaf0b6-57c8-46f1-87d9-47bbf7048107} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 2360 1ffa96e8058 socket
    3⤵
    - Checks processor information in registry
    PID:6704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.2.1556097170\742415521" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2892 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58bcdbe2-4440-4f8d-adf0-bd9295502b3a} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 2960 1ffa9b6a958 tab
    3⤵
    PID:6524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.3.1737420054\409122335" -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d775488c-bbb4-45c3-b352-cdd7a3223b56} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 3640 1ff9cf61658 tab
    3⤵
    PID:6672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.4.1835324899\372900066" -childID 3 -isForBrowser -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dc2391c-ebe1-4216-b4b3-8ee920d6c0b1} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 4316 1ffaf032058 tab
    3⤵
    PID:4040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.5.1240840699\102128307" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 5044 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87813455-7f11-4883-97de-ce566f579b7a} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 5056 1ffafedb458 tab
    3⤵
    PID:4984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.6.713716817\2015022444" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {997ae3f2-3edc-4f7e-bdb7-61021f5a3185} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 5280 1ffafeda258 tab
    3⤵
    PID:5952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.7.1499544567\2122202360" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c600454-cdde-42c4-ae12-3a6f0c7a3525} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 5184 1ffafedbd58 tab
    3⤵
    PID:5128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.8.501944955\1405896343" -childID 7 -isForBrowser -prefsHandle 2816 -prefMapHandle 5220 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c837ea8c-d80a-4472-9164-00b8bb1e2e2b} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 5032 1ffa996ff58 tab
    3⤵
    PID:8344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1132.9.1429214421\1685838504" -childID 8 -isForBrowser -prefsHandle 5136 -prefMapHandle 5112 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {654509f9-9bec-4a3b-bff7-bba3ae5b8d47} 1132 "\\.\pipe\gecko-crash-server-pipe.1132" 5576 1ffb0e1ee58 tab
    3⤵
    PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
475KB

MD5
62e4a0fff6c786b95c6ef4808e3e64b8

SHA1
da5be7cf6a5858c8afdffd716c966b561cb17942

SHA256
217a85a670f12953bd4039ab0b89180b46e32b3ebe820877cf587e6bfcef0bbd

SHA512
19e72fbba7ae7aaafbef30658d3e66ccb6200a56dd6ffaeee1d476ddc1d8ea71ea01da2804e98605e819367b53681747f6129d1be332248c49134b909d1ae2ed

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files\BlueStacks_nxt\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
fa146b05afa8f9a7e331f7f845c423a7

SHA1
f0f3b0d8603e3de88d2a258c2746f52291be8351

SHA256
2959f9c31a4b64c159611bb044195c11bf6b44e5be171b85ee3350a7fa40e33b

SHA512
b0118b3d312267fa54937553b08edc32e9e1c9692fa04573da06b92d9c6b08b09c87ca7e8fdb27275b66f07d355238230f8573364079fe1d2f7e9787efb2ebc3

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
f47c0bbad441b60285e236b9811e9752

SHA1
2605282bfecca43d37904eed41aec2ab1d051a83

SHA256
6421a0f711de4a47042c10d5868136ca1531ad05d85f7f6dd51398cce3ee2659

SHA512
80b4954f72fbc4f2fa335eab89a1d878c3e893355a103ae9183ccb8cd3cc4125b73bbd69c0ff64973192e9b6ac289efe7f792ab2fb1305e402f39ad4f27ee7e9

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\Program Files\BlueStacks_nxt\resources\icudtl.dat

Filesize
10.0MB

MD5
03205e5952ea7b803839ecfe3bb000d6

SHA1
74146e76e31fd1e75ae1c34fa8194bc291b34a40

SHA256
8364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3

SHA512
badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak

Filesize
2.4MB

MD5
aed2766cd70116ab1e0c430001a30b8f

SHA1
a06c62b35c333412dd61c493d6a6520a8c04537c

SHA256
4ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389

SHA512
a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak

Filesize
191KB

MD5
8615f18dea34c152e8aeb8f4e01fd17b

SHA1
032b7bab09943cc5c8a380b0aba29652d5539153

SHA256
e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6

SHA512
2a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak

Filesize
250KB

MD5
de5e6a97c80d698256369b10255ce45d

SHA1
8d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc

SHA256
669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13

SHA512
5609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\am.pak

Filesize
420KB

MD5
2a8ca8692a60fe8d33d51d99c9084a9d

SHA1
919d8adacce240fd394d6faf2aa41d2e5b8460ec

SHA256
73f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44

SHA512
080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak

Filesize
441KB

MD5
143ffa8ca3ac0e6dca9a8b3e8ba3f3f5

SHA1
6186940350b3fdd936f6ce41f3091bbca397e9a2

SHA256
3f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2

SHA512
a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak

Filesize
475KB

MD5
154217351d415b13dca71e28727902c4

SHA1
096a1640b5e83a7b20afdfa7cfe2507b4128e0a5

SHA256
da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf

SHA512
f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bn.pak

Filesize
624KB

MD5
304432105fbe28b1625f0d7b6be3e7bf

SHA1
2d5474854bc0bca3f3ead1b9199d76ef533f0850

SHA256
ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e

SHA512
8ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak

Filesize
294KB

MD5
a2c61a98fe7407ded9ece126c4c9d057

SHA1
c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69

SHA256
4d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8

SHA512
7522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak

Filesize
303KB

MD5
c0bb82986abc67281d8067e5f20625c7

SHA1
e7cc8888dd95d9edf226893f0e4c12e572bf6bf8

SHA256
217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50

SHA512
80f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak

Filesize
271KB

MD5
5eba7377be8e34dd03db766300039ed2

SHA1
b3460fa050b93454b9e05586d86d7cf67881f557

SHA256
94157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94

SHA512
7d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak

Filesize
292KB

MD5
01cc5b8a05a435482dc692baef032d3a

SHA1
229a4d1c9aea9111bb46895d096dfcaf488b8d4a

SHA256
53d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835

SHA512
082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak

Filesize
522KB

MD5
26afc001a706679413f5deaa3c6603e4

SHA1
c9d780d930775cfc17cf9160712a2e90ca55106e

SHA256
4c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc

SHA512
743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak

Filesize
239KB

MD5
06da37b66f4dbbe8c5ae1bd7e4addc99

SHA1
ac190bbb14b76d14143dcc088f460d1be2ba2886

SHA256
60f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0

SHA512
c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-US.pak

Filesize
242KB

MD5
1e958f35257ef1e2e5115d860602a593

SHA1
688afb781ce3c4c9a55fee9696145260d2ce1400

SHA256
4a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37

SHA512
a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es-419.pak

Filesize
289KB

MD5
f21b0783d062082ee46aa573eff68df0

SHA1
84f62d15eb68858245e56bef0cf317e273918044

SHA256
859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe

SHA512
d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak

Filesize
293KB

MD5
03265b1a7f6a996513067866d55f3bcb

SHA1
427eecd7810cf24c8758dc9beae18afc9d8969a0

SHA256
516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da

SHA512
d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak

Filesize
261KB

MD5
73e6f20f0c75a9beb72798167f8c6f91

SHA1
d01932a69626d23e8ce9e9bc240f6d99dd155fb4

SHA256
ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf

SHA512
98966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fa.pak

Filesize
422KB

MD5
f913ea1db8c9c99bff701ceeaf8138f3

SHA1
6bef3ff865b3a95dc1900ba3c94c5bf556c695a1

SHA256
b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c

SHA512
edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak

Filesize
269KB

MD5
f55358f58eb17b4bc6abb19592c1aba7

SHA1
6dc1d99757bc5a447b9761a4a0c90a2be521c6b0

SHA256
cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1

SHA512
d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak

Filesize
301KB

MD5
f5257136ed900e1715979c9a96de292d

SHA1
217cbe02931f6466bdbdb27c85c876b851610b23

SHA256
98a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90

SHA512
c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak

Filesize
318KB

MD5
75575474726cc8d98def90e0dbddcb0f

SHA1
3e62e3b73bab73597a01c3ece5871c64b142391f

SHA256
d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94

SHA512
37e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak

Filesize
596KB

MD5
e245057bea15117bed15bc3ee2911d74

SHA1
c8e2d5f85a974fa989c0d0f64121d2836a13bb84

SHA256
4ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5

SHA512
a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\he.pak

Filesize
368KB

MD5
8c02d30c68c4abb4b1a7c2493d8fde51

SHA1
2cbe2f537d59971296f2180d146d9c2905d2a76f

SHA256
e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a

SHA512
9155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak

Filesize
618KB

MD5
61838bdf13a1d60545d15e9cc49866be

SHA1
64bec7fe42caf53f192b58e4e5b068e56d835cec

SHA256
9a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1

SHA512
7e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hr.pak

Filesize
290KB

MD5
a621446d9e94b0d47935bf3310c385b5

SHA1
5cb954846bd2a2c477cb28b99545cd9bc0fbe990

SHA256
93f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842

SHA512
80c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak

Filesize
312KB

MD5
3c70ba470c8503cae9407540d070f506

SHA1
0b841228d28e8605c37df79f1a3714402d2b18df

SHA256
0770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e

SHA512
ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak

Filesize
259KB

MD5
fc2cd7f4af1976579f6b0eae3ab2d874

SHA1
c4e434b9d0d95a505947c97d396b05c9a18f3983

SHA256
48b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef

SHA512
9e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak

Filesize
285KB

MD5
56c13472d7efdb4466d5189af2d06ce6

SHA1
84025c148e10e1885125893dd286d0f9e751e101

SHA256
7114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4

SHA512
fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak

Filesize
351KB

MD5
9705a8fcead214aa619f1be816135ea0

SHA1
f10d22cdbf5d7960aeaa13c98cf8f7de41034760

SHA256
c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320

SHA512
6d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak

Filesize
693KB

MD5
2e9a1e91aa149308dde43e0b357e1c8a

SHA1
d657811a3b3dabe519fb7b5fad46977674234f51

SHA256
2a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1

SHA512
d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak

Filesize
296KB

MD5
2a0bc83152bfbc0f365d3a85fd1e1832

SHA1
9b972a8e823ff6f161ca2aadac11043b054b3146

SHA256
ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f

SHA512
2c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak

Filesize
313KB

MD5
7769b6273b1519ea1a8ac9f059e78c93

SHA1
6d8807f4af484041bac83d5d8873d639d5f07d0e

SHA256
e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a

SHA512
9c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lv.pak

Filesize
310KB

MD5
17b9ff8c299fff962e9b9bc0d5f2f15b

SHA1
6224d9bf81c4771033e14477da0a652336326036

SHA256
7e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0

SHA512
8bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak

Filesize
728KB

MD5
df01088842b8c05568fce402a69bb595

SHA1
4b97c244ee85efb9c35b69f65f64d9cfcb2d25aa

SHA256
9f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579

SHA512
b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak

Filesize
584KB

MD5
f40f6817a07049b8589310b7dba04534

SHA1
93afea27adbd165aa1e3261cb67d5ab719ea02db

SHA256
5429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3

SHA512
450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ms.pak

Filesize
269KB

MD5
901240b9cb3a7a635c2d56d6ff1b3966

SHA1
c1fdd4ccf213bf1822696061d64930f47a017cdf

SHA256
a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e

SHA512
2b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak

Filesize
264KB

MD5
5c901b43287edab65f05464dbad3e301

SHA1
d76444677a7eeafdfe0bc27a0ff892f028144d67

SHA256
0bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed

SHA512
46fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nl.pak

Filesize
275KB

MD5
884f7faf0e79d04c6536506d6f95eab1

SHA1
39334913aa447b35012a8d7100e7f91e805c7e9d

SHA256
b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f

SHA512
77a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak

Filesize
301KB

MD5
41ad390a8cc5fbd5b1f352e838b42ce1

SHA1
9efa8f2e5a0312e83f737929765a86112a874272

SHA256
979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0

SHA512
1beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak

Filesize
285KB

MD5
4792f1e39c6875d8aa5e911f16ed638d

SHA1
c04ecb497096be4173f9aae3f0ae6accc8324156

SHA256
a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e

SHA512
5fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak

Filesize
288KB

MD5
0db54f0f25ec3a19dff541ba223bd5b4

SHA1
dc1f0c9b1c2578490af5923df179a92814c04904

SHA256
ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69

SHA512
96060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak

Filesize
297KB

MD5
14ee5c1a362e753a5c44b11343430fdb

SHA1
b87e4750d5319c5c695f1581feaacdd71abe0cda

SHA256
ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1

SHA512
ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak

Filesize
477KB

MD5
3d28ef9e25426b08409db5379cfd55e3

SHA1
25fefc87d6233da5b287dbbf04a63c34cb9c5571

SHA256
b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057

SHA512
210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak

Filesize
308KB

MD5
b37b81799942fc174e05b6aac03ea4c3

SHA1
788d6d10c82614465628f79bbe1f2346839a582e

SHA256
579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319

SHA512
31bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sl.pak

Filesize
294KB

MD5
4138dc422fc6a5afb1a855ffe0caba32

SHA1
8b23cb3c91167908e181eb0ce9d730ca5b3179e7

SHA256
7904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b

SHA512
a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak

Filesize
451KB

MD5
97ef86fc3b66a0a3aa4e1be4555369f0

SHA1
bbe68527d0c4c9e6624920d548c0ab0c09dbac88

SHA256
d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb

SHA512
fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sv.pak

Filesize
266KB

MD5
f2bf46d97477489d80659d0be53d9d05

SHA1
a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c

SHA256
196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32

SHA512
d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak

Filesize
273KB

MD5
e99bc71c3caeae580ef7060155ddd0ff

SHA1
d6986e1fe1dd6c110b05f44f84e956ecac188b97

SHA256
4282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8

SHA512
6bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ta.pak

Filesize
703KB

MD5
48554783d89587fe96d94cc1afb58248

SHA1
be0843e27225df82cbb27f017acb7bac27c92c5e

SHA256
df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896

SHA512
2ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak

Filesize
658KB

MD5
079fbd6adf806504199dd0b05c87c697

SHA1
4fec8c3bae9b48f92e35b609fc3977eda5de2039

SHA256
ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2

SHA512
722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak

Filesize
556KB

MD5
433dbeabe2d4c70255f1685ece8fb97b

SHA1
966c16c364b4f3ae6ccb8c5019c0b6bca75b593e

SHA256
dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942

SHA512
b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak

Filesize
282KB

MD5
1a505f3f30511c2b05eb29ee0e0bff26

SHA1
08d4002d32dc5ea8a9476495786f5d5c1bae7ea6

SHA256
27627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0

SHA512
d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak

Filesize
478KB

MD5
e21f45d7685b75be483013e1e8dc8237

SHA1
8f4cdd3dea580d7671117e9c49891212ab950686

SHA256
dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3

SHA512
b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak

Filesize
332KB

MD5
561050669f78bd04d0431de3eb98d160

SHA1
028a78bbaabe19ac338648ac95a8b944254e8d3d

SHA256
922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333

SHA512
2df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak

Filesize
245KB

MD5
54415acf2d54c65718c99ed78b4bf3e5

SHA1
311937480b01256a1e50d0556df9b4f9f9a46424

SHA256
3648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a

SHA512
4eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak

Filesize
245KB

MD5
c709c2e92d4c0a1a2fd30f5350bed636

SHA1
31c8463300bdfe0238f167451a1adffc4fa899a3

SHA256
37a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e

SHA512
38f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
1KB

MD5
2fc52429befae5b198f3826ea607d1c5

SHA1
5236839b8615aa866c0d4273742d4ad12013216b

SHA256
e94237d57fa38b4747db19c6ddc7d8e3ead2a508f14c133780cd8a07dc9faad6

SHA512
a65ddcda79757638792ae2b814b73a733a5c8d1fb43e5b6a06e15253668791b2a2bbc8af4e9b28cb79d299b379be259bf2a38cd8900ec404963858dcd3e46144

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
4KB

MD5
6eade0278e7a4846674dab6656fbcb12

SHA1
8148b3f91ae696c138ce90da3eb57917003dcf8f

SHA256
d32fd81d6470d9a30fff1a1f492cb5697b0964a5b994d24abc3e2a15e7c822f9

SHA512
765743085e31980685e676d56f90464403fed5d0ce67f2c7dc647127201601d0ef578030bdb01e1ff5cc3826fe97028fb0eeefafa214bbc94e542bce369240ef

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Pie64_5.14.22.1003.exe.tmp

Filesize
518.0MB

MD5
87163b81a6f86d39c58822886a4eb219

SHA1
cd1d1fa22863c7bf0b4b1f175fc99c9c6d5329d9

SHA256
698aa00768337d52f15d91a8deefcf3c1d3b0abeecb8a54b08babd119f2387bf

SHA512
9a67c31860374fdc1f2bb80eac8a7587146db6ad7d10321595dd23fa61688934d3ab5f3538d811d77f04da690f415c787f8f769cc387deab80b1a2388de227db

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

Filesize
939B

MD5
0bf73316a732fdb9d9e342710cc79edf

SHA1
c990c94f573fdcd1f5eeead7d1f8671355430fce

SHA256
70a828262bcb1b9913d59bb6c309c564cf5b8209638d39d34f28fc62f7fb5fd8

SHA512
ef4e01e8fc056355bc2c1d477ffc49e8c8fe0a3f0d12ee62e2b7fe387f99bcc963b2730e8387a31f59a0f61a4b56f8d78da8a2a0bfc4f3122e0fdff57e65a742

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00002f

Filesize
79KB

MD5
867cbec6d8cdba64b17d841188293389

SHA1
41bf759c8bd496877a6f645ca765e46c901d702c

SHA256
ddda198c7003ffe77d938968433b67f966c06f293888640db55d412118766d38

SHA512
ebe6de65008eff38ddbc5812e0a8ad7b9731751e301c98c18f24e897ef09e6cf8a473dca675aa69ff2cfd6a2ef31f0623fe5dc03653e80c884891b417d341740

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000031

Filesize
105KB

MD5
7c9a1d28a5bf205661ac7625dbb0217a

SHA1
1f390d221774b7cf8247dec3de79a4e8067cfc77

SHA256
855d89f3875b26742ca457efc4656f6a4c8379e64c022886f03683c45a88fe73

SHA512
93d215c64625f024b90bf664f0c958efd08e2b77b6b6dfc9ce9af1ba1f0b1ee0126f70a311f265d8b3c3ce0f69c6d8e58f89b347ab5015f665fe952b2ae00f3c

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000032

Filesize
187KB

MD5
3072fc59429c2135250b26c17bbf279b

SHA1
0cd79b1b37ab2f070f51d709f78ac730443d0d32

SHA256
e026686790212a9365d7dd104032d22f93d888ab720ccc834a9fe5d485673c9f

SHA512
1f27ea2009453ea51e3e60bffecb9d1f9ad7746bd0a99db75c309edf695854c97bcdde1f7453cf43cc1f65e049f1ac1d593d5564634a6adb97ff0a22274dd110

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000046

Filesize
267KB

MD5
7fe7ac14ec09d376e267d9ad48dbd7a1

SHA1
34f03845cfe36bca71f506a103a656a16a5c9448

SHA256
25486e02a6dba0a1c0c4f29e6346db78eee3a46bd362941813b691cf251ace13

SHA512
b48990fcfc4f60b81bf69d65f7bb744593d89edf3237801ff49a6061d61a3920eecdec4d471ebb0ab863b7215684286afcae02f86bba1eda88491dbb42f542b2

Download Submit
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe

Filesize
160.0MB

MD5
dbd5fdeee02eaee6360883f7910dafbe

SHA1
0aaedcd44dda1160542d7fb7ee2431d155f1590d

SHA256
5809c5aca7834457deee8d58188603f3a8b1e653f5d5f0584b3875595246bc82

SHA512
743e1782b0e2e08773baacb9ea27edb1e3170728a02ded4b2b0ae80ac1376ea0d6ce8ed4e70c26df20c6c00884329e5b84c9f8d9af466141656773248ee3b54d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\entries\DB26F9F8326AFE57AA6A9D2B51C69B6A2C954139

Filesize
207KB

MD5
b7a0f012fc292d75e78859fee3a11a83

SHA1
36218d6861dffa05155517d97ced71937f8c548d

SHA256
a976f21c8e5754b660f1257d123348d545f62af2a63c4ed48ed339065006ab93

SHA512
06681b79917dc8d3c9bd6b43fd43051b859cc4d9b908d9548534181dbf771d5ebac45d2a274ae5166ab4aa12e56980382e61891cb28500ee318109ff29a6af29

Download Submit
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

Filesize
154.7MB

MD5
1a2fe315268cba55150e11582a5397f6

SHA1
ead9ab9f86ee90aa4527c9c861c2a765036cc034

SHA256
54c05545717eb4125673931783a0f1e81e50f1b880b42eb9be3e2f43514f68b2

SHA512
cc2b811173f599344fe7f72fe68a8904f4e3fd173d716c489517f7cf2b356a81a3670fa3836be1e13f5490e2e4819a4fd3a73c8232ade4806f5ba9ce7ea2cdf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42E08BC9\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42E08BC9\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\BlueStacksInstaller.exe

Filesize
607KB

MD5
1744edd4e585a5efbd49ad0593810af1

SHA1
57dbda1bac0b48803933da6940c3b88376774c69

SHA256
3b136c884fb6e21acfcca33538f9b2e472f0eb83ae9a5a128cb1d5a6098b7f31

SHA512
f7690f5cbb08f2b7f801aecb24c826dee1fc08cd9d324b54359ab258be92577e72dcbab146bc4f55ab58dee0a01ff32070ef0f4a58385ba928f3f01bfe15d018

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\Locales\i18n.en-US.txt

Filesize
18KB

MD5
bc0bfbf0fa8b40c2f72957c2f57afb8f

SHA1
644765340a713413e159ff57f0098501ca8304f4

SHA256
819b673bc98a9aefa9e480b3df2a5f9558033fce38c2a2f5be08d10b9a859e28

SHA512
6e7e88ac28190011c1e1e2a78517e3bb858e35ac90f125882c64bfa26d5a6f7ee6718c558b9446f3aeead0a8fc53c825fca66ad2f6d82819ede19b88ff658e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC626DC37\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\custom_click.png

Filesize
15KB

MD5
ced07c9db242115400e159d9a02bb7b7

SHA1
6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77

SHA256
1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90

SHA512
d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\custom_hover.png

Filesize
15KB

MD5
f3e05f142e742e25a98d4f5af3ae0623

SHA1
88363e81ddef700803f4859d2f3f0b4af516bbf3

SHA256
d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424

SHA512
5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\error_icon.png

Filesize
1KB

MD5
dab2c4538a83422b5deae0e0de9b7a30

SHA1
78c2ab2271aa4020df1e0289bc3c1ba9a43fd424

SHA256
666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89

SHA512
24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\exit_close_hover.png

Filesize
575B

MD5
92c2bf222d6ab81fe7a0c072bf31c107

SHA1
8853eb08a2aa3e99fae6dabb9cff6461704f2a2e

SHA256
bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709

SHA512
6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\installer_minimize_click.png

Filesize
112B

MD5
08fc39a69fa17e0f529915919cea1633

SHA1
2966a3f739698e2ce368585fb7f6ac4eae4497b1

SHA256
2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95

SHA512
f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\installer_minimize_hover.png

Filesize
112B

MD5
18fb6465b029206477d0222e8da6fdf9

SHA1
b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b

SHA256
57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d

SHA512
f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\installer_upgrade_image_bg.jpg

Filesize
19KB

MD5
3bb85d2c8cef28c89a2d07adf931e955

SHA1
596d13e7742455afce8a534382b28cfd2f6aa185

SHA256
b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b

SHA512
7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\minimize_progress_hover.png

Filesize
214B

MD5
fc2a0361a751177d3aacdba9c31b2682

SHA1
0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab

SHA256
1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd

SHA512
a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\setpath_click.png

Filesize
15KB

MD5
624e84e9b49bc150043aa9fb0eed2822

SHA1
f23f2a4ec609e3e9cff9319533e561968ccabb22

SHA256
c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1

SHA512
288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\setpath_hover.png

Filesize
15KB

MD5
b1e53a76b6ddb3ecff52bfc1a8e5b09d

SHA1
012b5879e879fa25bf48e4bb62c35ee829eea571

SHA256
2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0

SHA512
4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Bootstrapper.exe

Filesize
153KB

MD5
84374e0d11c463624448d139f6c17dac

SHA1
2db5057242c766bf53748a9d23b9e0b18e699d1e

SHA256
218cf6acbc7a1a4b9fef00b8dc9660f2452099fbd0a6a459d364e61017cbae59

SHA512
4b258f34250d2374a941a4902ee4b2d9454a8cd9f1b27772a7729f2f72607b4fca28e932d0aa2d36cad527f5b1166e6e32ea087da9df4506ea05c64148fa8d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.ar-EG.txt

Filesize
24KB

MD5
2cbe2f0936384cc7729ca9b15e869955

SHA1
cbd351ef412b7fb52e2ac582f4eb58944020ee33

SHA256
057074129e8f390aa07851d6eb59e892440e7994c4c6f3b78618e7fb6f07ca92

SHA512
fb9e0fe5b138df8e36f334bcf7e4cc7c024d2d8828b63486c3ac19c8279e0e9e09d82d391b536eac0e52160992dc6bc3672523b5edb2cb63d7a96e4128b48b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.de-DE.txt

Filesize
20KB

MD5
995c4504c8e8e71b372e6d9b64b070f3

SHA1
9ff5eaec585c416446c3f7ad7f3985f42cdf6226

SHA256
c28bcb07bdf32e5221ce919354cab0349891dfcbb87540f241fb3f58cf9028b7

SHA512
f1fc68f8bcf923f4f682eb30ea980e6da36355eff9a8ad7eb93d558d96e831b19dbf167b2e6d2287c6532c2b2c5591c66191d1005ebb0d56eb1647904b804066

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.es-ES.txt

Filesize
20KB

MD5
67f8aef2c5208468ce113a47edfedb4c

SHA1
4d482c81f65dc7c7b23a6dd2cdaec0eb7fee69fa

SHA256
341df1d9ce68b161f1728bd466dd9da64d4723530f3bc0f7fa66a3dba3825917

SHA512
e3bd1e8b69fc28a257e9024bc0b783f161c6574e5f9aab9737c02a2c4b1ebca59cc761ecc9ef3c08e62a1f325072164899ae9c984f37bf385e05fc011255857d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.fr-FR.txt

Filesize
21KB

MD5
3ba087f6afff180795610e8ac5bb5aaa

SHA1
f2d5c5f10694e51fed09d5b3a0397561beb331f9

SHA256
d2d2f4d6e554132fa86d0bfa0ac1892f10f53f30638599b17979cadb5d011f4c

SHA512
f9bbce232b486b51352f6c0386e515f0824b0b0ba56400e3f804f322b0a7e90e73b6917044bb8e0eb37509a0b4bdc1d37deeebae43547b9d8f35d2f34d5f55e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.id-ID.txt

Filesize
19KB

MD5
f4875d3c5153bf3fbf73725c420c83dc

SHA1
56439c46ee459f4b456a5bac38f68a7355947194

SHA256
d6d18da6a56863a10458ddf94265525ba13ad4fbfa84a169ffaf7aca20a0370e

SHA512
792a66019f9f7180eafd63dcafa30109e7b89826fadae2b38d86cad35146fb8d53d3df2b02e9eae971d13cea37d7d9eb66a699366d95eb7abc235e577a356117

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.it-IT.txt

Filesize
19KB

MD5
fe2d985f41007a88d8f0fd8eab5d5d8d

SHA1
4d48113cc2284891828b4501367e780970334bcf

SHA256
41b9cc6ccdb90f6141eadee8f757cefe5f536d9660d777a4a77b597421bb144f

SHA512
6441405d76fed023a78c34a4752def7d242894cf05bc9e06bd795b106b6434c1893367af6bca73f77d6f737fd6eb9c687464cde18b609c2a3d82d2be07a270c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.ja-JP.txt

Filesize
23KB

MD5
6977d12f436990c3f655c22bb44566af

SHA1
d0a04169354ab49104bc123e90494115dbd1539b

SHA256
c7b19642434a9e918003564b30cfbee5c0710463a74cb7fa86f9da2334d6d38c

SHA512
ff9ee652a79379cbdd7b2974fb6f61f4efaf2b73a79b28bf86b34288c42ccc343039110f5abd2c50ebe13f080e6f5eeb9196ba7eae3c61a782f6971d914a996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.ko-KR.txt

Filesize
20KB

MD5
f13198caa789feab1906e69736d1bf8e

SHA1
6087394d95723256c9eaa084cbbd03b800b8a7ad

SHA256
0a9b0ecd030084ad3f48791e991a9dc4d6bd78c1245db75ff7e48f33f8578986

SHA512
3b8e4f9b9395a2b512fa460845a5f4546971a31e1203d81c078955b5361888ad70176f143f50c9b963b0b4370c66ddfff3a7dbedb0a0d47ad881f8a6af44d2d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.pl-PL.txt

Filesize
19KB

MD5
54f8558a0112610cc516958482672cf7

SHA1
3422b440364816c7e96d7f598e03df90b8ab74a3

SHA256
783d0131154663e7fa6b069b5ad5d3a86d94f4e97b5a58b88f71a1912bb9eae4

SHA512
23507a21e88574980f6de8905dcf6099346c5160356889675b318c575ceed9274d65574d882ae32936958f9f4810556a650467069e52a978efb03dd208ea2b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.pt-BR.txt

Filesize
20KB

MD5
1a8e659bd29df24b5001a1f687e21be5

SHA1
f6c4b1cda1bad81f23a27014d3a77d4463afd6a5

SHA256
1b8232e35e0ac3a96f2ab402b5ff205f92b036174977b8a304f45491a67d5031

SHA512
19c5fbb3d827c5d590dde59f4f91c06e89db17c970f30e774ed68f353968930ba3db148fff2ade6e5357cc70d530458a64b9c40ee12e2baace3adaec527ef3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.ru-RU.txt

Filesize
27KB

MD5
5e617de676c07bb3ab766d5678df38a4

SHA1
cf69fc6e6c0b6d3a9a6bb6934b18752cb722b14f

SHA256
f07976072e28b0fbbf9bfbabe60f843874d2f72cb9ac76bf2980c1a8208a3793

SHA512
997178e8d5850b929d3f870036000021c17c3b28d73991dda7e0408b32186e328c08b1eff4ff76bc9d8567c07a1be0defd44fe0ab925d561a5c3b95386051009

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.th-TH.txt

Filesize
32KB

MD5
c964784c1444bc7e9488acdec13990bc

SHA1
9ca7ac8a620fdb37aaf21fea1df37e388dab6eb1

SHA256
889ee3e31b027985b05bfd356470baf62a221617f37bdce444f2b60f7bb1f91e

SHA512
903f4554e0b2f602186837f39158a52bbb035d085cad49c03b8614219e22469eb63e9390e101c3312bcdca0751134accd37e0ed71d3db8eac096dff5a2b9e3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.tr-TR.txt

Filesize
19KB

MD5
2b5f2c757a4d42de2f98e31139b676b2

SHA1
cd40cc682b112f60c6dd460596cffb3b994bd882

SHA256
598ab5abf69d1de2c04e6e7fa807606f4a2924f966fa0c373fef99a474244487

SHA512
2055d884d2e39962801f1c69f997d58d6db5fe01784cb1202cbe72973a48f8bfc399642fd46d28dda9d56ef5558aab32b341d79ff7d0920af7f4769ffd986d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.vi-VN.txt

Filesize
22KB

MD5
a899623e80eaa446ffdebd64d5a8f7bc

SHA1
d5fc1c3e23e5fe11fa549dff385bcdca87c06a7e

SHA256
44a648a98709c846b9e3fee5b9ed6bb4a1c3b26a33ee9d9c6e589911063322c6

SHA512
e8c039bfdc876b54cca0c492d2c1e036c9c2a9597305b30ca07dadc85ebe4da5cb67effd2871c4ab4aaa2ec6d22cd6e3e54b771ec5daeee2c3e8eb9b9d666085

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.zh-CN.txt

Filesize
17KB

MD5
7fe6e9ba41b3d6b43d03bff14964a93f

SHA1
c0b47f0ac6e920e32f969f4f6b07a649493dea5c

SHA256
203f2e9f9f72e575335f4d93101976f46b0361c06963dd414986a91678dbcc3c

SHA512
d72a11132c6098cd5bd2e06e7b9ee388e09b33b3ee1e56921e2ec6af7dc9b9ebac48c02802045b1f1899a0cbd5ab94512e52964324165de10d68163cfecf05bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA1C684B\Locales\i18n.zh-TW.txt

Filesize
17KB

MD5
83cb955054b8fe7ae37386d91b22f685

SHA1
c89a0a41d22eec4761e9b57b0b2dde2d29d706d2

SHA256
d1e342b3a4a8f0d982e308f7c12103a402d636c5723e9c0ed810c5b25bce1814

SHA512
59547e6947f0f32c4cd5ac04f238180ae5d13232401ce73227bf5635e5a957e78fdbd4f9ccdc34358ee14ea0779834979fa4a523c5e3125aa2528e01c7b692b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiCAAF.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiCAAF.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiCAAF.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiCAAF.tmp\nsDui.dll

Filesize
3.0MB

MD5
c40a4e327c43f7f51a20c38b1bae840f

SHA1
0f56fe0a357a71ef32cb138258366f743f8fc398

SHA256
ef94f69593fd376e52a46934629b634a6365590b7102cd45a2dfe45533139060

SHA512
f379dc79899744160f21d6c8f11341b2251e58c09dd510b035cf08ce8bfcd38e290b96af3baa656ec85be8753dca7e32d3b95098ced1cfb481142d454b178565

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiCAAF.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB8C8.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB8C8.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB8C8.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB8C8.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB8C8.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB8C8.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tq00xn1t.kre\BlueStacks-Installer_5.14.22.1003.log

Filesize
127KB

MD5
55aebe827e72b456cf75df65d08152b6

SHA1
d9c95baf35a8e141a539e82fa1ccbe2f5d6be467

SHA256
7250d629c2cb3f95fd3f8c400bf968e9559fa821ab03aa569c6965b341930b8f

SHA512
2bc9148c0d490e6fb8c7a66f6cb7f217097c36cacf9e2ab74fbfba3be9e13a98c0457285e2e4ce66fa0b42bbea253e48af1ab43aba98382d7765b3dda687c0f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
a2c5ef4515756a22fc9e66a0a58ed1ad

SHA1
7fa2d2119a2b8605a3a153c51f77c762c9eaa439

SHA256
3d18d9d9f90d77d51100f58671ae4c0527aa783c7d099c7f1dcdb9b036d1b0d8

SHA512
cf045d19cac91a06092e283344681894ace5da205586c124c1956f38badd2cbd87975cba3383a453f37a925f31d56cddbfe46f2cd09639a9abba3218d796c005

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\e63563dc-9238-4f30-9fe8-27dc2c199be0

Filesize
746B

MD5
58a9a4bd6d8e25a8273f076fd77c5d95

SHA1
9965875c66067fb1365d653440cd387d1d48532e

SHA256
fab921c25c0a98e835ab27639306e8e7168c57aba8183fa8e03f6bb4d7794105

SHA512
48ebab5308a84aa4807befa501c66cf704f0eda77b5f1df2c65c21bad2976402edef731beb1e2f891916e567ee551b2f9428bef7b293b38caeccd3d28d0e9770

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\e65dda51-c8d6-4395-8ae2-2b90b3d09832

Filesize
11KB

MD5
a050bf6079440cd2d3f52eefddd7c7f0

SHA1
5fa884ac5e4aa5056250cde360d35b336dd681c7

SHA256
f0b54223cf73ffb674dfb5560382d062c1ef9f25339f3cf1af4600bb76da7ddf

SHA512
af9c261e98fb7a50984c642d51ace52035c695e6a34c61f0b68f4b9f8da5b1bab94e4683afd346f98c3156657ed31dd5b580a90dfbb5cb99781d44319df87b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
cac17ada06c05965a33f73f5f4258e71

SHA1
00cd2635f034044761c2dc422bc19f7d282a4692

SHA256
412074c5e67906d46195881db84dd6dbab1cdf069a8c9e155d2a429e60f623e3

SHA512
8d3e4725baf97021b75e0b38149c5c996acfdcaeace9d1a145683a86a149ad45bf1c0d8faab561c05a657298638a5b5967eec0956044460c3c26ac64c07140d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
3d3cf2f526a622391fc755a81d56f9f2

SHA1
d179917ae50c5b076db5c208ed0f599ba974a056

SHA256
14bf5b6a5dc47a00d44b1f31cd9922458534e144bf81777ad4a5a4ea749ab49c

SHA512
f3cb99c6fca69647caf7754c88609ead570d292f665fd7dd10040b40de1af18ef1e729ca1512b5223f6d6a4966840af819f930ac33129f2d7c7cffc6f1522e07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
98c4c372cefb01e131c12f2ec276de61

SHA1
596df30acfa5a1faae938a6ee903662ccdd1bb31

SHA256
4466f9ca18949b4f529bf766b2dba7acbbf4be8ac5e69f4f1a9bd8fceb7880a0

SHA512
8317aa11de448a5740177e17a2e1eb1bf8dac96c89f1939c5668eb0538ca66f8d48131d41da367bd18650a1895774887946076292101c87d75881ea493eab3f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs.js

Filesize
6KB

MD5
2ecc620f59647c500dbd696efcde55ab

SHA1
f0994f5ba2e690c197f9ce7fc869f3381f367f07

SHA256
84766ddca74c4c75c24bfe5e2aa38cf0a82f0e4550af229da7d91582bcc2f062

SHA512
7e5a61374203d8d89a91ab5bd75c906fb50bd916cdbce0b2eef4a2ca9f931464dc8ca2cd28b3f24ff8d831226a5a55dc386897cd4ea723491b849e109fddc6bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs.js

Filesize
6KB

MD5
9a78013a95a591f88fa2b6effbfafac9

SHA1
6b666b15bb77fc53de699f506cafaabbc5cef400

SHA256
64fe3d1ee7a9bed8b672b477226e1318826af3bf84b2715a4b257a459e0bfe4c

SHA512
ca05584748000ee1a5f9fe0ac33aad569e4aee1752e35f2c8383d3f4c12d2074d757b24db364411e58b535831dff950d03bea15dfe40ad6be09e2f6ed6573e25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
fe931de9079192b3c048b1781f707bb5

SHA1
d8392914ed56a3782675b56b4c54d26f7e78b96b

SHA256
b97fe56a3b2917128051ae2139e246c7fd1c64c28f4e4058a3721bee84a0b12b

SHA512
aa9034ae21446dfa4d0e4cf14b8ad1d06364101e793118aa7476155a46889f433adabd904068d3ef4a68905ee6f25fe4d9cf9d4af1c675d8befd0912150e441d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9d490b34e6099e66d84051980be0e436

SHA1
308c5c28cd82efac9b27319ae49bbd3d88c9af4d

SHA256
53c7d0bc926d5493c5d7eaf66ec5af4399d642deb2b5ef9e631195fdf006de77

SHA512
38acd161d4837883092e9d176fca3a03dc1599df17b22933573a1e53df5b96df4f6b96ce21ad644ed56cbbbecf73649cdc568c3568ee486a55cd0bf7a21359ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
1c4005ced3af761e7d99297e01e93ea4

SHA1
ee67957052e9bcb95c6894d5db0b821a9c348162

SHA256
adcf4d3b40ae049e953b556bb17ea9a3e3017e2145a288948f6259e4bf70f488

SHA512
90c5b8c182d1847b016096758f0ccf73b9a59219864ad26a34e46044389915734b16cbb94eafab278d9a19bb21d0d84432f29a461627cb07cd5d1fd859246824

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
1f0d81482217d023698ece16011f0a5b

SHA1
75ba12c5fc8153a01359bbf0e8f2096b5cf37fe5

SHA256
2bf52977d91d5ed80154f1d9523a1030b1096119ea2c1b11a5dbc805225fb934

SHA512
2a5fe490385640550a22136c8a26469b082e2505608ea070e3355007b314165a63a154231a584e78a11911a4274d277f9d0c611d4766b14b436b34c5eb16af50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
da4cb1ee6c3e117fb7c459573e5ad65f

SHA1
62765649c1bb47fbc886259317115f5b1e02fecc

SHA256
0d1d458d4251a9099eb05862b21b832aff41dc155b89984fd780af9c6f76e530

SHA512
bbf97713a3f95b03b918e375c036d03a36f1bc80b821ab7e283eb436b734fabc5e7ccd614d2b2725b95ffa4b22a2b6ea1246aac30bd8d3476bf9f87ed54cfa5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore.jsonlz4

Filesize
8KB

MD5
60215a614a8390037ddd0b9017770a6f

SHA1
fc83b08ba8c013f648ebccd078a58483b510619c

SHA256
ec68fcf3287ae968e1e98c68230b0b9948ff956a36dac961cc50c5846f5e5383

SHA512
9529dd3b6df54ed576a14d43755986c76c9eb9e88735b0f355359ad2929837152e31414d3797b19d338a431fa6e37a659470fbefec2a2d6f8c39ba724fe54992

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
493B

MD5
c0fa6952d789c14d4f5fd7b9ce4ae460

SHA1
ab25505c388d6d0d60fb9319119c8afdca6e0e35

SHA256
103479d8e95cb3dae937471b07cabfde3753696c6f0f204d7b6253bd44ebe202

SHA512
ff34eb5dd2d65a57fd727ce9c72f41d9ee3700e40290a777598f963a76d6b6de516b814305962e1a4f26125f9ff5553b584c3a62f27845e19bbb39b3047be961

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
8a32d21c29b2f9ecc1bb3f89dd84f706

SHA1
442f5e244f1253114cdc6ddcf38f15169dc39c1f

SHA256
1973852d30edc9b133448c3cd8868603900afe5b93206708488f44be3c21ea96

SHA512
5ef71d290bb0c837428165484c686c7f37f1a6b3396a04c51d428e10b905f18f5a122a33f5084da506a71bebd8c2be768d5b99a33718e1f19e00aac6025d49ca

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
92B

MD5
052dc740341a96021922bb755b6a72b8

SHA1
613b880e41a6c6257a950df60b048a1d25505776

SHA256
84a47bdac272327ea17358dcf92a92e652832f382f36f9b2384b39a2d586fc49

SHA512
493b19a78b8c0ebd5381f222aecf289217921181bcee76d1b0f894e42860ad25e78be50a262ef86ac84234c780611c10d61685ba844fffbe4849b868e35f5668

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
893B

MD5
0e3e148c54ec989bf7e17bdd4ad0536c

SHA1
3968b8e5ab1cdffab50a2993356fc33c3543474f

SHA256
24e1bae16577a3894a576f174cda7f175aa702ae047b9b96dfdee8ed6da98526

SHA512
62faa1992ac2ab49d781c3548ca2f020d8f8e03d492f795b2542ea523aab0182fed7847a28e7baa964300638a41021454a22b4786dcdb63b56537a947df4ae9d

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-23862746734b8d4a

Filesize
119B

MD5
adb75f7dea3b9c68d857c47b750ef248

SHA1
f978d152cd6992803c94ecbc616fa8a1025423c2

SHA256
40383c0ed2cab28cdfc960349b382cfa0b52814d1f06cd9dcc00f955fea8cdbe

SHA512
3375640b2cf5642b8ad9eb80ee8856c2d015d2dfa07c813b5b039306a6a0617d56997156d5522cc70a047799010c014d959b253146f764882c6a5de1c6c973be

Download Submit
memory/864-119-0x0000000003070000-0x00000000030D8000-memory.dmp

Filesize
416KB

Download
memory/864-159-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-134-0x000000001E790000-0x000000001E79E000-memory.dmp

Filesize
56KB

Download
memory/864-143-0x0000000021410000-0x0000000021418000-memory.dmp

Filesize
32KB

Download
memory/864-155-0x00007FFA7C6E0000-0x00007FFA7D1A1000-memory.dmp

Filesize
10.8MB

Download
memory/864-157-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-125-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-13196-0x00007FFA7C6E0000-0x00007FFA7D1A1000-memory.dmp

Filesize
10.8MB

Download
memory/864-130-0x000000001E7A0000-0x000000001ECC8000-memory.dmp

Filesize
5.2MB

Download
memory/864-161-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-133-0x0000000020E10000-0x0000000020E48000-memory.dmp

Filesize
224KB

Download
memory/864-123-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-158-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-115-0x0000000000E70000-0x0000000000F0A000-memory.dmp

Filesize
616KB

Download
memory/864-117-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-132-0x000000001D380000-0x000000001D390000-memory.dmp

Filesize
64KB

Download
memory/864-116-0x00007FFA7C6E0000-0x00007FFA7D1A1000-memory.dmp

Filesize
10.8MB

Download
memory/2528-12832-0x000000001C980000-0x000000001C990000-memory.dmp

Filesize
64KB

Download
memory/2528-12791-0x000000001C980000-0x000000001C990000-memory.dmp

Filesize
64KB

Download
memory/2528-12870-0x000000001C980000-0x000000001C990000-memory.dmp

Filesize
64KB

Download
memory/2528-12790-0x00007FFA7C6E0000-0x00007FFA7D1A1000-memory.dmp

Filesize
10.8MB

Download
memory/2528-12945-0x000000001C980000-0x000000001C990000-memory.dmp

Filesize
64KB

Download
memory/2528-13150-0x00007FFA7C6E0000-0x00007FFA7D1A1000-memory.dmp

Filesize
10.8MB

Download
memory/4576-27553-0x00007FFA79FD0000-0x00007FFA7AA91000-memory.dmp

Filesize
10.8MB

Download
memory/4576-25809-0x00007FFA79FD0000-0x00007FFA7AA91000-memory.dmp

Filesize
10.8MB

Download
memory/4576-25543-0x00000000007C0000-0x00000000007E8000-memory.dmp

Filesize
160KB

Download
memory/4576-25547-0x000000001B4D0000-0x000000001B5B4000-memory.dmp

Filesize
912KB

Download
memory/5420-25831-0x000000001B790000-0x000000001B7A0000-memory.dmp

Filesize
64KB

Download
memory/5420-25832-0x000000001B790000-0x000000001B7A0000-memory.dmp

Filesize
64KB

Download
memory/5420-25828-0x00007FFA79FD0000-0x00007FFA7AA91000-memory.dmp

Filesize
10.8MB

Download
memory/5420-25598-0x0000000002450000-0x00000000024D0000-memory.dmp

Filesize
512KB

Download
memory/5420-25580-0x00000000002C0000-0x0000000000314000-memory.dmp

Filesize
336KB

Download
memory/5420-25830-0x000000001B790000-0x000000001B7A0000-memory.dmp

Filesize
64KB

Download
memory/5420-25829-0x000000001B790000-0x000000001B7A0000-memory.dmp

Filesize
64KB

Download
memory/5420-27551-0x00007FFA79FD0000-0x00007FFA7AA91000-memory.dmp

Filesize
10.8MB

Download
memory/6780-13298-0x00007FFA9AD90000-0x00007FFA9AD91000-memory.dmp

Filesize
4KB

Download
memory/6780-13297-0x00007FFA9A1B0000-0x00007FFA9A1B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12329-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12349-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12348-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12347-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12346-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12344-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12345-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12343-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12331-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/7916-12330-0x000002258C9B0000-0x000002258C9B1000-memory.dmp

Filesize
4KB

Download
memory/8740-24003-0x0000000068B70000-0x0000000068B7F000-memory.dmp

Filesize
60KB

Download
memory/8740-23963-0x0000000069050000-0x000000006905F000-memory.dmp

Filesize
60KB

Download
memory/8740-23961-0x000000006BC60000-0x000000006BC8F000-memory.dmp

Filesize
188KB

Download
memory/8740-13815-0x0000000000A80000-0x0000000000A90000-memory.dmp

Filesize
64KB

Download
memory/8740-23964-0x0000000069030000-0x0000000069047000-memory.dmp

Filesize
92KB

Download
memory/8740-23962-0x000000006B920000-0x000000006BBB4000-memory.dmp

Filesize
2.6MB

Download
memory/8740-23968-0x0000000068FE0000-0x0000000069007000-memory.dmp

Filesize
156KB

Download
memory/8740-23969-0x0000000068FC0000-0x0000000068FD2000-memory.dmp

Filesize
72KB

Download
memory/8740-23965-0x0000000069010000-0x000000006902D000-memory.dmp

Filesize
116KB

Download
memory/8740-23972-0x0000000068F40000-0x0000000068F6C000-memory.dmp

Filesize
176KB

Download
memory/8740-23973-0x0000000068F20000-0x0000000068F34000-memory.dmp

Filesize
80KB

Download
memory/8740-23974-0x0000000068EF0000-0x0000000068F12000-memory.dmp

Filesize
136KB

Download
memory/8740-23976-0x0000000068EA0000-0x0000000068EB6000-memory.dmp

Filesize
88KB

Download
memory/8740-23979-0x0000000068E30000-0x0000000068E79000-memory.dmp

Filesize
292KB

Download
memory/8740-23982-0x0000000068D50000-0x0000000068D66000-memory.dmp

Filesize
88KB

Download
memory/8740-23984-0x0000000068D30000-0x0000000068D3E000-memory.dmp

Filesize
56KB

Download
memory/8740-23987-0x0000000068CF0000-0x0000000068CFE000-memory.dmp

Filesize
56KB

Download
memory/8740-23989-0x0000000068CC0000-0x0000000068CCF000-memory.dmp

Filesize
60KB

Download
memory/8740-23992-0x0000000068C60000-0x0000000068C75000-memory.dmp

Filesize
84KB

Download
memory/8740-23994-0x0000000068C30000-0x0000000068C3F000-memory.dmp

Filesize
60KB

Download
memory/8740-23996-0x0000000068C10000-0x0000000068C1E000-memory.dmp

Filesize
56KB

Download
memory/8740-23999-0x0000000068BD0000-0x0000000068BE0000-memory.dmp

Filesize
64KB

Download
memory/8740-24002-0x0000000068B80000-0x0000000068B90000-memory.dmp

Filesize
64KB

Download
memory/8740-24004-0x0000000068B60000-0x0000000068B70000-memory.dmp

Filesize
64KB

Download
memory/8740-24007-0x00000000689C0000-0x00000000689D0000-memory.dmp

Filesize
64KB

Download
memory/8740-24009-0x00000000689A0000-0x00000000689AF000-memory.dmp

Filesize
60KB

Download
memory/8740-24010-0x0000000068890000-0x000000006899B000-memory.dmp

Filesize
1.0MB

Download
memory/8740-24011-0x0000000068870000-0x000000006888F000-memory.dmp

Filesize
124KB

Download
memory/8740-24012-0x0000000068860000-0x0000000068870000-memory.dmp

Filesize
64KB

Download
memory/8740-24008-0x00000000689B0000-0x00000000689BF000-memory.dmp

Filesize
60KB

Download
memory/8740-24014-0x0000000068830000-0x0000000068841000-memory.dmp

Filesize
68KB

Download
memory/8740-24013-0x0000000068850000-0x000000006885F000-memory.dmp

Filesize
60KB

Download
memory/8740-24006-0x00000000689D0000-0x0000000068B47000-memory.dmp

Filesize
1.5MB

Download
memory/8740-24005-0x0000000068B50000-0x0000000068B60000-memory.dmp

Filesize
64KB

Download
memory/8740-24001-0x0000000068B90000-0x0000000068BBC000-memory.dmp

Filesize
176KB

Download
memory/8740-24000-0x0000000068BC0000-0x0000000068BCE000-memory.dmp

Filesize
56KB

Download
memory/8740-23998-0x0000000068BE0000-0x0000000068BEE000-memory.dmp

Filesize
56KB

Download
memory/8740-23997-0x0000000068BF0000-0x0000000068C07000-memory.dmp

Filesize
92KB

Download
memory/8740-23995-0x0000000068C20000-0x0000000068C30000-memory.dmp

Filesize
64KB

Download
memory/8740-23993-0x0000000068C40000-0x0000000068C51000-memory.dmp

Filesize
68KB

Download
memory/8740-23991-0x0000000068C80000-0x0000000068C9E000-memory.dmp

Filesize
120KB

Download
memory/8740-23990-0x0000000068CA0000-0x0000000068CBF000-memory.dmp

Filesize
124KB

Download
memory/8740-23988-0x0000000068CD0000-0x0000000068CE4000-memory.dmp

Filesize
80KB

Download
memory/8740-23986-0x0000000068D00000-0x0000000068D14000-memory.dmp

Filesize
80KB

Download
memory/8740-23985-0x0000000068D20000-0x0000000068D2F000-memory.dmp

Filesize
60KB

Download
memory/8740-23983-0x0000000068D40000-0x0000000068D50000-memory.dmp

Filesize
64KB

Download
memory/8740-23981-0x0000000068D70000-0x0000000068DFD000-memory.dmp

Filesize
564KB

Download
memory/8740-23980-0x0000000068E00000-0x0000000068E21000-memory.dmp

Filesize
132KB

Download
memory/8740-23978-0x0000000068E80000-0x0000000068E8E000-memory.dmp

Filesize
56KB

Download
memory/8740-23977-0x0000000068E90000-0x0000000068E9E000-memory.dmp

Filesize
56KB

Download
memory/8740-23975-0x0000000068EC0000-0x0000000068EEA000-memory.dmp

Filesize
168KB

Download
memory/8740-23971-0x0000000068F70000-0x0000000068FAD000-memory.dmp

Filesize
244KB

Download
memory/8740-23970-0x0000000068FB0000-0x0000000068FBE000-memory.dmp

Filesize
56KB

Download
memory/8740-24656-0x0000000000A80000-0x0000000000A90000-memory.dmp

Filesize
64KB

Download