52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26

Analysis

max time kernel
346s
max time network
346s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
12/06/2024, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksInstaller_5.21.210.1023_native.exe
Size

910KB
MD5

d2c72208f8783ec83b123324e8093cc1
SHA1

4afbc9f19f8a194bccd5216e05083e0d7617fff0
SHA256

52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26
SHA512

03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a
SSDEEP

24576:0ivtCXWeGK69Txt9OkcXGgrwPgZNYtOvLm:xtCXWPXvz5cXGcwPgZOtcLm

Score

8^/10

discovery evasion execution persistence spyware stealer

Malware Config

Signatures

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 8 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
6296	netsh.exe
7136	netsh.exe
1248	netsh.exe
1200	netsh.exe
8100	netsh.exe
7972	netsh.exe
5564	netsh.exe
1372	netsh.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\storage.json	BlueStacksServices.exe
File opened for modification	C:\Windows\system32\storage.json	BlueStacksServices.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BlueStacks X\family	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\fr.pak	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\language\it.qm	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\da.pak	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\librv32_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\vi.pak	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\ThresholdMask.qml	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\family\malgun.ttf	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\History_ButtonDelete_normal.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libgrain_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\pt-PT.pak	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libadjust_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\vccorlib140.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\cef\locales\tr.pak	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\settings\Image_Default.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qt_da.qm	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\BstkProxyStub.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\cef\locales\ca.pak	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\dialog\Close_hover.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\pc_refresh_default.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\resources\qtwebengine_devtools_resources.pak	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-core-localization-l1-2-0.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\language	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\imageformats\qtiff.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\mediaservice\dsengine.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Search\SearchIndicator.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liboldmovie_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\edit.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Setting_hover.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\th.pak	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\icon_right_arrow.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt\labs\platform\qmldir	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\dialog\min_pressed.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\misc\libaudioscrobbler_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\xplugins\BrowserPlugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\libssl-1_1-x64.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\ComboBox\ComboBox_up.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\wallet\topbar_icon.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\libvlc.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\access\librist_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libchain_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\SideBar\left_arrow_hover.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\position\qtposition_serialnmea.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Assets\installer_bg_blurred.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\ffmpeg.exe	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libinvert_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\brotlidec.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\css	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarForward_Disable.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\pre_enable.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\libcrypto-1_1.dll	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\help.svg	BSX-Setup-5.21.210.1023_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotiondetect_plugin.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\Qt5Widgets.dll	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\msvcp140_atomic_wait.dll	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\mediaservice\dsengine.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\web3_hover.svg	BSX-Setup-5.21.210.1023_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\language\ko.qm	BSX-Setup-5.21.210.1023_nxt.exe

Executes dropped EXE 37 IoCs

pid	Process
3896	BlueStacksInstaller.exe
3720	HD-CheckCpu.exe
1568	HD-CheckCpu.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
7348	BlueStacksInstaller.exe
6512	HD-CheckCpu.exe
6848	BlueStacksServicesSetup.exe
2708	BlueStacksServices.exe
4116	BlueStacksServices.exe
2540	BlueStacksServices.exe
7956	BlueStacksServices.exe
5920	BlueStacks X.exe
3912	BlueStacksWeb.exe
7572	BlueStacksWeb.exe
1920	BlueStacksServices.exe
5928	BlueStacks-Installer_5.21.210.1023_amd64_native.exe
7176	Bootstrapper.exe
7380	BlueStacksInstaller.exe
7664	7zr.exe
8132	7zr.exe
8268	HD-ForceGPU.exe
8312	HD-GLCheck.exe
8336	HD-GLCheck.exe
1204	HD-GLCheck.exe
9084	HD-GLCheck.exe
8680	HD-GLCheck.exe
8720	HD-GLCheck.exe
8836	HD-CheckCpu.exe
8852	7zr.exe
8780	HD-GLCheck.exe
9208	HD-GLCheck.exe
6516	HD-GLCheck.exe
4588	7zr.exe
6048	7zr.exe
2108	7zr.exe
8592	HD-CheckCpu.exe
8392	7zr.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
8652	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	BlueStacks X.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacks X.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
5372	tasklist.exe
6628	tasklist.exe
8968	tasklist.exe
8208	tasklist.exe
9176	tasklist.exe
4388	tasklist.exe
9168	tasklist.exe
6336	tasklist.exe
4608	tasklist.exe
2040	tasklist.exe
2480	tasklist.exe
5852	tasklist.exe
7192	tasklist.exe
7392	tasklist.exe
7472	tasklist.exe
1564	tasklist.exe
2928	tasklist.exe
2208	tasklist.exe
244	tasklist.exe
248	tasklist.exe
6692	tasklist.exe
8012	tasklist.exe
7408	tasklist.exe
6624	tasklist.exe
8112	tasklist.exe
4180	tasklist.exe
2964	tasklist.exe
7444	tasklist.exe
6408	tasklist.exe
6452	tasklist.exe
5796	tasklist.exe
3772	tasklist.exe
3036	tasklist.exe
6860	tasklist.exe
5784	tasklist.exe
6880	tasklist.exe
8412	tasklist.exe
9040	tasklist.exe
3056	tasklist.exe
5272	tasklist.exe
6952	tasklist.exe
4684	tasklist.exe
4756	tasklist.exe
5832	tasklist.exe
8868	tasklist.exe
3396	tasklist.exe
6216	tasklist.exe
3212	tasklist.exe
5276	tasklist.exe
5668	tasklist.exe
6328	tasklist.exe
3204	tasklist.exe
8016	tasklist.exe
9128	tasklist.exe
2044	tasklist.exe
7412	tasklist.exe
5252	tasklist.exe
5776	tasklist.exe
6300	tasklist.exe
6340	tasklist.exe
6904	tasklist.exe
5852	tasklist.exe
7708	tasklist.exe
4348	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.21.210.1023_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0"	BSX-Setup-5.21.210.1023_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs\shell\open	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{ABEEE1F7-748A-4CBE-9A31-3CCDDB62469F}	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\""	BSX-Setup-5.21.210.1023_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon	BSX-Setup-5.21.210.1023_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.21.210.1023_nxt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs\shell	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.21.210.1023_nxt.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5920	BlueStacks X.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
3896	BlueStacksInstaller.exe
3896	BlueStacksInstaller.exe
3896	BlueStacksInstaller.exe
3896	BlueStacksInstaller.exe
3896	BlueStacksInstaller.exe
3896	BlueStacksInstaller.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
4192	BSX-Setup-5.21.210.1023_nxt.exe
7348	BlueStacksInstaller.exe
7348	BlueStacksInstaller.exe
7348	BlueStacksInstaller.exe
7348	BlueStacksInstaller.exe
7348	BlueStacksInstaller.exe
7348	BlueStacksInstaller.exe
6848	BlueStacksServicesSetup.exe
6848	BlueStacksServicesSetup.exe
3212	tasklist.exe
3212	tasklist.exe
3912	BlueStacksWeb.exe
7572	BlueStacksWeb.exe
1920	BlueStacksServices.exe
1920	BlueStacksServices.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7176	Bootstrapper.exe
7380	BlueStacksInstaller.exe
7380	BlueStacksInstaller.exe
7380	BlueStacksInstaller.exe
7380	BlueStacksInstaller.exe
7380	BlueStacksInstaller.exe
7380	BlueStacksInstaller.exe
7380	BlueStacksInstaller.exe
5920	BlueStacks X.exe
5920	BlueStacks X.exe
4756	msedge.exe
4756	msedge.exe
4328	msedge.exe
4328	msedge.exe
404	identity_helper.exe
404	identity_helper.exe
6716	msedge.exe
6716	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5920	BlueStacks X.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3896	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3896	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	4192	BSX-Setup-5.21.210.1023_nxt.exe
Token: SeDebugPrivilege	7348	BlueStacksInstaller.exe
Token: SeDebugPrivilege	3212	tasklist.exe
Token: SeSecurityPrivilege	6848	BlueStacksServicesSetup.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeDebugPrivilege	6336	tasklist.exe
Token: SeDebugPrivilege	6692	tasklist.exe
Token: SeDebugPrivilege	6408	tasklist.exe
Token: SeDebugPrivilege	6452	tasklist.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeDebugPrivilege	4756	tasklist.exe
Token: SeDebugPrivilege	1564	tasklist.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeDebugPrivilege	248	tasklist.exe
Token: SeDebugPrivilege	4608	tasklist.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeDebugPrivilege	5252	tasklist.exe
Token: SeDebugPrivilege	5276	tasklist.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeDebugPrivilege	8016	tasklist.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeDebugPrivilege	8012	tasklist.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	2708	BlueStacksServices.exe
Token: SeShutdownPrivilege	2708	BlueStacksServices.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
2708	BlueStacksServices.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5920	BlueStacks X.exe
5920	BlueStacks X.exe
5920	BlueStacks X.exe
5920	BlueStacks X.exe
5920	BlueStacks X.exe
5920	BlueStacks X.exe
8680	HD-GLCheck.exe
9208	HD-GLCheck.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3896	4864	BlueStacksInstaller_5.21.210.1023_native.exe	77
PID 4864 wrote to memory of 3896	4864	BlueStacksInstaller_5.21.210.1023_native.exe	77
PID 3896 wrote to memory of 3720	3896	BlueStacksInstaller.exe	80
PID 3896 wrote to memory of 3720	3896	BlueStacksInstaller.exe	80
PID 3896 wrote to memory of 3720	3896	BlueStacksInstaller.exe	80
PID 3896 wrote to memory of 1568	3896	BlueStacksInstaller.exe	82
PID 3896 wrote to memory of 1568	3896	BlueStacksInstaller.exe	82
PID 3896 wrote to memory of 1568	3896	BlueStacksInstaller.exe	82
PID 3896 wrote to memory of 4192	3896	BlueStacksInstaller.exe	85
PID 3896 wrote to memory of 4192	3896	BlueStacksInstaller.exe	85
PID 3896 wrote to memory of 4192	3896	BlueStacksInstaller.exe	85
PID 4192 wrote to memory of 8068	4192	BSX-Setup-5.21.210.1023_nxt.exe	86
PID 4192 wrote to memory of 8068	4192	BSX-Setup-5.21.210.1023_nxt.exe	86
PID 4192 wrote to memory of 8068	4192	BSX-Setup-5.21.210.1023_nxt.exe	86
PID 8068 wrote to memory of 5588	8068	WScript.exe	87
PID 8068 wrote to memory of 5588	8068	WScript.exe	87
PID 8068 wrote to memory of 5588	8068	WScript.exe	87
PID 5588 wrote to memory of 8100	5588	cmd.exe	89
PID 5588 wrote to memory of 8100	5588	cmd.exe	89
PID 5588 wrote to memory of 8100	5588	cmd.exe	89
PID 5588 wrote to memory of 7972	5588	cmd.exe	91
PID 5588 wrote to memory of 7972	5588	cmd.exe	91
PID 5588 wrote to memory of 7972	5588	cmd.exe	91
PID 5588 wrote to memory of 5564	5588	cmd.exe	92
PID 5588 wrote to memory of 5564	5588	cmd.exe	92
PID 5588 wrote to memory of 5564	5588	cmd.exe	92
PID 5588 wrote to memory of 1372	5588	cmd.exe	93
PID 5588 wrote to memory of 1372	5588	cmd.exe	93
PID 5588 wrote to memory of 1372	5588	cmd.exe	93
PID 3896 wrote to memory of 6820	3896	BlueStacksInstaller.exe	94
PID 3896 wrote to memory of 6820	3896	BlueStacksInstaller.exe	94
PID 3896 wrote to memory of 6820	3896	BlueStacksInstaller.exe	94
PID 6820 wrote to memory of 7348	6820	BlueStacksInstaller_5.21.210.1023_native.exe	95
PID 6820 wrote to memory of 7348	6820	BlueStacksInstaller_5.21.210.1023_native.exe	95
PID 7348 wrote to memory of 6512	7348	BlueStacksInstaller.exe	96
PID 7348 wrote to memory of 6512	7348	BlueStacksInstaller.exe	96
PID 7348 wrote to memory of 6512	7348	BlueStacksInstaller.exe	96
PID 6848 wrote to memory of 4476	6848	BlueStacksServicesSetup.exe	99
PID 6848 wrote to memory of 4476	6848	BlueStacksServicesSetup.exe	99
PID 6848 wrote to memory of 4476	6848	BlueStacksServicesSetup.exe	99
PID 4476 wrote to memory of 3212	4476	cmd.exe	101
PID 4476 wrote to memory of 3212	4476	cmd.exe	101
PID 4476 wrote to memory of 3212	4476	cmd.exe	101
PID 4476 wrote to memory of 1792	4476	cmd.exe	102
PID 4476 wrote to memory of 1792	4476	cmd.exe	102
PID 4476 wrote to memory of 1792	4476	cmd.exe	102
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105
PID 2708 wrote to memory of 4116	2708	BlueStacksServices.exe	105

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.210.1023_native.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.21.210.1023_native.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Users\Admin\AppData\Local\Temp\7zS00353967\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS00353967\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Users\Admin\AppData\Local\Temp\7zS00353967\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS00353967\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\7zS00353967\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS00353967\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:1568
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe" -s
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4192
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:8068
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5588
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        6⤵
        Modifies Windows Firewall
        
        PID:8100
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        6⤵
        Modifies Windows Firewall
        
        PID:7972
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:5564
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:1372
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.210.1023_native.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.210.1023_native.exe" -versionMachineID=fd52cb52-f734-4c6e-9744-08150e6da2dc -machineID=05a564e4-4284-4582-bb62-434e35a08d9d -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.41.210.1001 -country=US -isWalletFeatureEnabled
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\7zS4AAD8888\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS4AAD8888\BlueStacksInstaller.exe" -versionMachineID=fd52cb52-f734-4c6e-9744-08150e6da2dc -machineID=05a564e4-4284-4582-bb62-434e35a08d9d -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.41.210.1001 -country=US -isWalletFeatureEnabled
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\7zS4AAD8888\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4AAD8888\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        
        PID:6512

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:6848
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3212
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    PID:1792

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1712,i,4132128881156544981,529885079289915349,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:1188
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1972 --field-trial-handle=1712,i,4132128881156544981,529885079289915349,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:2280
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:7188
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:7224
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:7432
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:7856
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2596 --field-trial-handle=1712,i,4132128881156544981,529885079289915349,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:7956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6420
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:6336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6372
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:6692
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:3520
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6300
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6592
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:6408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6840
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:6452
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:6608
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:6508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1652
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4892
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1564
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:3304
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:3420
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:488
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4408
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4672
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5164
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:5252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5336
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:5276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5308
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:8016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5396
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:8012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8056
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5808
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5776
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:5996
- C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe
  "C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5920
- - C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
    BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3720 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3912
- - C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
    BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3780 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:7572
- - C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.210.1023_amd64_native.exe
    "C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.210.1023_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx
    3⤵
    - Executes dropped EXE
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.210.1023_amd64_native.exe"
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\" -aoa
        6⤵
        Executes dropped EXE
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\" -aoa
        6⤵
        Executes dropped EXE
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        6⤵
        Executes dropped EXE
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe" 1 2
        6⤵
        Executes dropped EXE
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe" 4 2
        6⤵
        Executes dropped EXE
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe" 2 2
        6⤵
        Executes dropped EXE
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe" 1 1
        6⤵
        Executes dropped EXE
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe" 4 1
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe" 2 1
        6⤵
        Executes dropped EXE
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-CheckCpu.exe" --cmd checkSSE4
        6⤵
        Executes dropped EXE
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\\HD-GLCheck.exe" 2
        6⤵
        Executes dropped EXE
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\\HD-GLCheck.exe" 3
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\\HD-GLCheck.exe" 1
        6⤵
        Executes dropped EXE
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        6⤵
        Executes dropped EXE
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" x "C:\ProgramData\Pie64_5.21.210.1023.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
        6⤵
        Executes dropped EXE
        
        PID:2108
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        6⤵
        Modifies Windows Firewall
        
        PID:6296
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:7136
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        6⤵
        Modifies Windows Firewall
        
        PID:1248
      - C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\HD-CheckCpu.exe" --cmd checkSSE3
        6⤵
        Executes dropped EXE
        
        PID:8592
      - C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        6⤵
        
        PID:7784
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        7⤵
        Launches sc.exe
        
        PID:8652
      - C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\n5or3s2s.5jb\RegHKLM.txt"
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\n5or3s2s.5jb\*"
        6⤵
        Executes dropped EXE
        
        PID:8392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=bsx_engine_install_instruction&launcher_version=10.41.210.1001
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff97bf63cb8,0x7ff97bf63cc8,0x7ff97bf63cd8
      4⤵
      PID:6412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
      4⤵
      PID:1516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
      4⤵
      PID:6460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
      4⤵
      PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      4⤵
      PID:3568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
      4⤵
      PID:5184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,16724858358752033905,17348130214968320397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
      4⤵
      PID:5312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4744
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5344
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5660
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7972
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7656
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4360
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1480
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:540
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:484
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2108
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5680
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2672
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3464
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:228
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7672
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1936
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8116
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3960
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8516
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8396
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8328
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8320
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8688
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8952
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9072
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3128
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7596
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5200
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3488
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6320
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6452
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2304
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2340
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6628
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2512 --field-trial-handle=1712,i,4132128881156544981,529885079289915349,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5208
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5340
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2568
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5328
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5396
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5544
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8168
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4292
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4884
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6868
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3152
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5520
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2128
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4396
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7688
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7104
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8492
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4520
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8868
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9124
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8848
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6332
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8860
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7832
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2712
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6868
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6972
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7144
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5488
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2488
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5204
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
477KB

MD5
31619556ed6d5ca481cfcc3b8a5b6a80

SHA1
61fbb30965a5b11b6d8d26e85f0aab14868fc97b

SHA256
d19ed921fe898222fc2bf4260820d58315ef30f178e87bafffd41b9602b791e4

SHA512
1a5725d88a8005a62cb2c229235752b63698323e7c5facb564d62c7b6e09188d75935c319b91c0e82e40eb6118d7fa9bcf048065f485b7e61e47523447bc06d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files\BlueStacks_nxt\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
69457c9a9974ab32264fed54bceb4b1f

SHA1
7b00b9860fbb9fde7edaf6cb35a7070f79554dec

SHA256
115ca4c71da3c6f6cdf74247fedec9830b7e9490ec6358d77a301be27bf69e5e

SHA512
ccfc6597b2a34923f9f2162a4ab743d56486d169802772dd8ca87dad9c1e04d75330a960eac380e5af5e1db9a9e44b66221df1f583b0425dd4a91d0fea1d71dd

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
4be4afddacc41422970834d7a0d4d1d7

SHA1
82ffe2b1d535f2550ab63cbab450a6a3b6b034f5

SHA256
24552a2080acfe8022dcb0afbe73896a4b781bfa49007e2fa6022f368265565e

SHA512
228b79f571b459f7a968e79db2d2c78da103db5956f19d7e13e167bd3a4783d8f967dd055df73076e362194be67a2bdd25dd4af99e22d59ab451c5c767c2572a

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\Program Files\BlueStacks_nxt\resources\icudtl.dat

Filesize
10.0MB

MD5
03205e5952ea7b803839ecfe3bb000d6

SHA1
74146e76e31fd1e75ae1c34fa8194bc291b34a40

SHA256
8364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3

SHA512
badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak

Filesize
2.4MB

MD5
aed2766cd70116ab1e0c430001a30b8f

SHA1
a06c62b35c333412dd61c493d6a6520a8c04537c

SHA256
4ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389

SHA512
a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak

Filesize
191KB

MD5
8615f18dea34c152e8aeb8f4e01fd17b

SHA1
032b7bab09943cc5c8a380b0aba29652d5539153

SHA256
e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6

SHA512
2a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248

Download Submit
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak

Filesize
250KB

MD5
de5e6a97c80d698256369b10255ce45d

SHA1
8d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc

SHA256
669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13

SHA512
5609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\am.pak

Filesize
420KB

MD5
2a8ca8692a60fe8d33d51d99c9084a9d

SHA1
919d8adacce240fd394d6faf2aa41d2e5b8460ec

SHA256
73f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44

SHA512
080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak

Filesize
441KB

MD5
143ffa8ca3ac0e6dca9a8b3e8ba3f3f5

SHA1
6186940350b3fdd936f6ce41f3091bbca397e9a2

SHA256
3f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2

SHA512
a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak

Filesize
475KB

MD5
154217351d415b13dca71e28727902c4

SHA1
096a1640b5e83a7b20afdfa7cfe2507b4128e0a5

SHA256
da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf

SHA512
f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bn.pak

Filesize
624KB

MD5
304432105fbe28b1625f0d7b6be3e7bf

SHA1
2d5474854bc0bca3f3ead1b9199d76ef533f0850

SHA256
ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e

SHA512
8ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak

Filesize
294KB

MD5
a2c61a98fe7407ded9ece126c4c9d057

SHA1
c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69

SHA256
4d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8

SHA512
7522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak

Filesize
303KB

MD5
c0bb82986abc67281d8067e5f20625c7

SHA1
e7cc8888dd95d9edf226893f0e4c12e572bf6bf8

SHA256
217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50

SHA512
80f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak

Filesize
271KB

MD5
5eba7377be8e34dd03db766300039ed2

SHA1
b3460fa050b93454b9e05586d86d7cf67881f557

SHA256
94157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94

SHA512
7d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak

Filesize
292KB

MD5
01cc5b8a05a435482dc692baef032d3a

SHA1
229a4d1c9aea9111bb46895d096dfcaf488b8d4a

SHA256
53d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835

SHA512
082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak

Filesize
522KB

MD5
26afc001a706679413f5deaa3c6603e4

SHA1
c9d780d930775cfc17cf9160712a2e90ca55106e

SHA256
4c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc

SHA512
743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak

Filesize
239KB

MD5
06da37b66f4dbbe8c5ae1bd7e4addc99

SHA1
ac190bbb14b76d14143dcc088f460d1be2ba2886

SHA256
60f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0

SHA512
c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-US.pak

Filesize
242KB

MD5
1e958f35257ef1e2e5115d860602a593

SHA1
688afb781ce3c4c9a55fee9696145260d2ce1400

SHA256
4a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37

SHA512
a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es-419.pak

Filesize
289KB

MD5
f21b0783d062082ee46aa573eff68df0

SHA1
84f62d15eb68858245e56bef0cf317e273918044

SHA256
859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe

SHA512
d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak

Filesize
293KB

MD5
03265b1a7f6a996513067866d55f3bcb

SHA1
427eecd7810cf24c8758dc9beae18afc9d8969a0

SHA256
516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da

SHA512
d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak

Filesize
261KB

MD5
73e6f20f0c75a9beb72798167f8c6f91

SHA1
d01932a69626d23e8ce9e9bc240f6d99dd155fb4

SHA256
ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf

SHA512
98966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fa.pak

Filesize
422KB

MD5
f913ea1db8c9c99bff701ceeaf8138f3

SHA1
6bef3ff865b3a95dc1900ba3c94c5bf556c695a1

SHA256
b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c

SHA512
edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak

Filesize
269KB

MD5
f55358f58eb17b4bc6abb19592c1aba7

SHA1
6dc1d99757bc5a447b9761a4a0c90a2be521c6b0

SHA256
cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1

SHA512
d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak

Filesize
301KB

MD5
f5257136ed900e1715979c9a96de292d

SHA1
217cbe02931f6466bdbdb27c85c876b851610b23

SHA256
98a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90

SHA512
c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak

Filesize
318KB

MD5
75575474726cc8d98def90e0dbddcb0f

SHA1
3e62e3b73bab73597a01c3ece5871c64b142391f

SHA256
d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94

SHA512
37e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak

Filesize
596KB

MD5
e245057bea15117bed15bc3ee2911d74

SHA1
c8e2d5f85a974fa989c0d0f64121d2836a13bb84

SHA256
4ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5

SHA512
a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\he.pak

Filesize
368KB

MD5
8c02d30c68c4abb4b1a7c2493d8fde51

SHA1
2cbe2f537d59971296f2180d146d9c2905d2a76f

SHA256
e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a

SHA512
9155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak

Filesize
618KB

MD5
61838bdf13a1d60545d15e9cc49866be

SHA1
64bec7fe42caf53f192b58e4e5b068e56d835cec

SHA256
9a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1

SHA512
7e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hr.pak

Filesize
290KB

MD5
a621446d9e94b0d47935bf3310c385b5

SHA1
5cb954846bd2a2c477cb28b99545cd9bc0fbe990

SHA256
93f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842

SHA512
80c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak

Filesize
312KB

MD5
3c70ba470c8503cae9407540d070f506

SHA1
0b841228d28e8605c37df79f1a3714402d2b18df

SHA256
0770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e

SHA512
ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak

Filesize
259KB

MD5
fc2cd7f4af1976579f6b0eae3ab2d874

SHA1
c4e434b9d0d95a505947c97d396b05c9a18f3983

SHA256
48b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef

SHA512
9e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak

Filesize
285KB

MD5
56c13472d7efdb4466d5189af2d06ce6

SHA1
84025c148e10e1885125893dd286d0f9e751e101

SHA256
7114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4

SHA512
fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak

Filesize
351KB

MD5
9705a8fcead214aa619f1be816135ea0

SHA1
f10d22cdbf5d7960aeaa13c98cf8f7de41034760

SHA256
c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320

SHA512
6d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak

Filesize
693KB

MD5
2e9a1e91aa149308dde43e0b357e1c8a

SHA1
d657811a3b3dabe519fb7b5fad46977674234f51

SHA256
2a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1

SHA512
d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak

Filesize
296KB

MD5
2a0bc83152bfbc0f365d3a85fd1e1832

SHA1
9b972a8e823ff6f161ca2aadac11043b054b3146

SHA256
ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f

SHA512
2c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak

Filesize
313KB

MD5
7769b6273b1519ea1a8ac9f059e78c93

SHA1
6d8807f4af484041bac83d5d8873d639d5f07d0e

SHA256
e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a

SHA512
9c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lv.pak

Filesize
310KB

MD5
17b9ff8c299fff962e9b9bc0d5f2f15b

SHA1
6224d9bf81c4771033e14477da0a652336326036

SHA256
7e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0

SHA512
8bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak

Filesize
728KB

MD5
df01088842b8c05568fce402a69bb595

SHA1
4b97c244ee85efb9c35b69f65f64d9cfcb2d25aa

SHA256
9f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579

SHA512
b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak

Filesize
584KB

MD5
f40f6817a07049b8589310b7dba04534

SHA1
93afea27adbd165aa1e3261cb67d5ab719ea02db

SHA256
5429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3

SHA512
450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ms.pak

Filesize
269KB

MD5
901240b9cb3a7a635c2d56d6ff1b3966

SHA1
c1fdd4ccf213bf1822696061d64930f47a017cdf

SHA256
a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e

SHA512
2b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak

Filesize
264KB

MD5
5c901b43287edab65f05464dbad3e301

SHA1
d76444677a7eeafdfe0bc27a0ff892f028144d67

SHA256
0bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed

SHA512
46fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nl.pak

Filesize
275KB

MD5
884f7faf0e79d04c6536506d6f95eab1

SHA1
39334913aa447b35012a8d7100e7f91e805c7e9d

SHA256
b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f

SHA512
77a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak

Filesize
301KB

MD5
41ad390a8cc5fbd5b1f352e838b42ce1

SHA1
9efa8f2e5a0312e83f737929765a86112a874272

SHA256
979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0

SHA512
1beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak

Filesize
285KB

MD5
4792f1e39c6875d8aa5e911f16ed638d

SHA1
c04ecb497096be4173f9aae3f0ae6accc8324156

SHA256
a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e

SHA512
5fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak

Filesize
288KB

MD5
0db54f0f25ec3a19dff541ba223bd5b4

SHA1
dc1f0c9b1c2578490af5923df179a92814c04904

SHA256
ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69

SHA512
96060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak

Filesize
297KB

MD5
14ee5c1a362e753a5c44b11343430fdb

SHA1
b87e4750d5319c5c695f1581feaacdd71abe0cda

SHA256
ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1

SHA512
ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak

Filesize
477KB

MD5
3d28ef9e25426b08409db5379cfd55e3

SHA1
25fefc87d6233da5b287dbbf04a63c34cb9c5571

SHA256
b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057

SHA512
210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak

Filesize
308KB

MD5
b37b81799942fc174e05b6aac03ea4c3

SHA1
788d6d10c82614465628f79bbe1f2346839a582e

SHA256
579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319

SHA512
31bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sl.pak

Filesize
294KB

MD5
4138dc422fc6a5afb1a855ffe0caba32

SHA1
8b23cb3c91167908e181eb0ce9d730ca5b3179e7

SHA256
7904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b

SHA512
a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak

Filesize
451KB

MD5
97ef86fc3b66a0a3aa4e1be4555369f0

SHA1
bbe68527d0c4c9e6624920d548c0ab0c09dbac88

SHA256
d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb

SHA512
fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sv.pak

Filesize
266KB

MD5
f2bf46d97477489d80659d0be53d9d05

SHA1
a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c

SHA256
196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32

SHA512
d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak

Filesize
273KB

MD5
e99bc71c3caeae580ef7060155ddd0ff

SHA1
d6986e1fe1dd6c110b05f44f84e956ecac188b97

SHA256
4282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8

SHA512
6bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ta.pak

Filesize
703KB

MD5
48554783d89587fe96d94cc1afb58248

SHA1
be0843e27225df82cbb27f017acb7bac27c92c5e

SHA256
df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896

SHA512
2ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak

Filesize
658KB

MD5
079fbd6adf806504199dd0b05c87c697

SHA1
4fec8c3bae9b48f92e35b609fc3977eda5de2039

SHA256
ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2

SHA512
722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak

Filesize
556KB

MD5
433dbeabe2d4c70255f1685ece8fb97b

SHA1
966c16c364b4f3ae6ccb8c5019c0b6bca75b593e

SHA256
dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942

SHA512
b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak

Filesize
282KB

MD5
1a505f3f30511c2b05eb29ee0e0bff26

SHA1
08d4002d32dc5ea8a9476495786f5d5c1bae7ea6

SHA256
27627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0

SHA512
d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak

Filesize
478KB

MD5
e21f45d7685b75be483013e1e8dc8237

SHA1
8f4cdd3dea580d7671117e9c49891212ab950686

SHA256
dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3

SHA512
b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak

Filesize
332KB

MD5
561050669f78bd04d0431de3eb98d160

SHA1
028a78bbaabe19ac338648ac95a8b944254e8d3d

SHA256
922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333

SHA512
2df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak

Filesize
245KB

MD5
54415acf2d54c65718c99ed78b4bf3e5

SHA1
311937480b01256a1e50d0556df9b4f9f9a46424

SHA256
3648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a

SHA512
4eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9

Download Submit
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak

Filesize
245KB

MD5
c709c2e92d4c0a1a2fd30f5350bed636

SHA1
31c8463300bdfe0238f167451a1adffc4fa899a3

SHA256
37a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e

SHA512
38f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
770B

MD5
48ebb57df63bca70680f8333267311a9

SHA1
7a89de5f97a0894f89de1ff8beb3cde52965d337

SHA256
bf1037501b0cc0e12125285369159327538398c11317d6b8085fd04495be45d5

SHA512
244c0a3f221e380436d248f0ed5243e88ee936a2c748f260dea151e2399a3fcb692e8f918a84c102199373ef0c5d59fbe403dfe09a9746211605b22496d4e3cc

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
4KB

MD5
2d0e75e5faa70dcdba8b09d05f0a2288

SHA1
acc96271bc43e615ae9c0d228c9dc1ce402a4917

SHA256
2f22531e1dd157689571621236185888876276391e3664df0238fc029eb39ca7

SHA512
84397f9c1e476cda1a2ebf01f29c41726cc3518e5b77f94ee943b50cc45baf6ac77b4a52e6efa417e6b1c91b2c1d0abec03430e93723c698526002c0ae030381

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

Filesize
489B

MD5
1d47d815b7ebeaf0616951ee407456f6

SHA1
c78e393627960485d58a7e9a867147fe5c8717f0

SHA256
37304602e22a4c3ff32b282af3e65c6afc2031ec94e7160fe0f91defcb4949e8

SHA512
7989cb1459f34f183323ec83e754185319748f2a01f81a3f438d6bf8c180c6164f0209e8122802c0e9f93a7b14468adea4563f743f62066950b85a7c127d8322

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

Filesize
539B

MD5
084d92f37e622a4263cc3833b283e39f

SHA1
c4decf4c74988944436b726a14dc6cb305f7dad7

SHA256
106bf545b3c1abc3eeee5cc3ae3f9eaaff04baefc28649ae00de488eb901c81a

SHA512
1121ab31bc24873738bdd60963ef800687590e6659efd8f0e9dc23b6eca48f270d687fc87c52a90c63ddab7da3f2369affe18be21acb60c4a7f460c0a703bcce

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

Filesize
539B

MD5
9962d40c331aa8d9454f4ef1b6545f66

SHA1
e01c8b0ea28b931081c3ca0be93faf9fc4813491

SHA256
13cabc8bf4dc8286867b2207072168747b7648df55652cc65c1b645ea23a5ae5

SHA512
5f140bb0a7ff3271d26a335482181606bf1396396015fdf55d28b68fdb3dcbb9a0f8d93f59dccd066f571ea3922202585f783ff669cf0557ec0e0f7fc1720555

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity~RFe59edf0.TMP

Filesize
539B

MD5
45336c2121463df79350b05b93a057ea

SHA1
b3fe70bc302c1cc2106417c64264a9053b9df03f

SHA256
ea7caddf3675fe09f8d97a3906f9f226709bf51d54d3e63bacad7aeed84b918e

SHA512
b43d2416f646ed8c3b3436a20747595befb2ff75f88c9780ae063603e0f94bd07dab5bcd96eb108861d4a86911cb7d8f509ba6ed0554ac8583311a6ea9e11788

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\user_prefs.json

Filesize
135B

MD5
eb0f2514ec0cf1e38a34bde5b41a8233

SHA1
ee5e4221ed4521c0989a43e2b3de3e154f96c7c5

SHA256
829bf2e3534438e0c0ecc43e3746630b6102316cea24aade6400e8d09b8b6910

SHA512
b522d7f4a539a487e061581cbb582d29cee8f7448743f580613b7dceaa5bddb0b7530f2bd2d0c88924a23da36b9800acb316194707ec3d53aaf4307bfdd87ff6

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\user_prefs.json~RFe5a9878.TMP

Filesize
75B

MD5
e28e7497d0dcfec538488318019bfb45

SHA1
7bc190c58bbee95cc2dd8dcb570b86e21b248220

SHA256
fa6baecf718208d213af0abaf31cb34236b7409dfb325d9e979742478a1dcd38

SHA512
5698919fb23e8c8b736ccdfb6563b332981ce62111228e637f3b0cc3745d3888cb6ae5501df361f87a565036616aa0cc14b785bff6b0b3242ac1002c932f533a

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000014

Filesize
110KB

MD5
8b3f97e2020f3a9c12900df003d7067b

SHA1
ad0ddc8ff1a520f38cc0ae346b6f1aa9b939ff0e

SHA256
1f4a4bfac8bcd76157b59d5591b7345018144baebf401612690d4df115c61e84

SHA512
2edf9d608d6cbd95a4fdaabc73032d29cde59db8203e4077d36712bc5bf96a43a4850c113e502fa55f3c77fefd2f52c0f426ffd5807eb67bcdbe6a1cffe5545f

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000016

Filesize
197KB

MD5
fa90561b2ffa23ec5c54d5505258c1f2

SHA1
9e826a78863038be3312811b4426dddb2c1eb1df

SHA256
da034ab2386a6f1af21da6a3b9637563fb28d346eb8facaec0fe4ee435e8f315

SHA512
e43548c35dde73a601ad08ff7a2c715a623597b746264c07cb1527d4b19d6354ca23890679aebb7c980f49579d0a4c4af6f7864dae8094dc31d74b3e314c21d1

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000017

Filesize
176KB

MD5
5f1fbc15b93ab78518b773fd93338897

SHA1
c33f5966bada687b79a390b3cc229d8ec03fc575

SHA256
3e7ab5cd3e2f56a91feab7371a1bc16f0d6bb5215468e6981899b0a1d70c0875

SHA512
d954003511592a55895bee7f971c05ceb37a5da53beb46d92f9a2687ee86486be0ecd36597d75e18ccb01af6d79552a572b68f6623add8361916ddf1716b9aeb

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00001b

Filesize
152KB

MD5
72b50e1a0d8eeb7107be5b44275b694b

SHA1
a56c08e0d4f9ae21001fab3484e8534f0d2a6532

SHA256
f756b47760f5affb9fcd83fa5fb2fe2df0ee97b0773d899463cf4021ffa7ed21

SHA512
49479165bcbfb776eafaced6981fa899e5529c68e402d8d40c59f443b1531f4f1a396c711db049fc1dc83b2ff18eacb2b2be429a003c1ebb3d27941ad6dfc434

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000021

Filesize
132KB

MD5
191976d0f600600fd0fd2e6805628f62

SHA1
06e664fc4030ddb7dbda1b36110f8848878161d0

SHA256
601df13b264778535485e455059bdb284d7c578cc4286965e3218a45a9b7631c

SHA512
65f434a5e28e8d463e1a81f4a42097428f7dff1c80a52ed7d316df9d8b537dff1f7d0df9bd5116ee9926dd92e9bc2967757bb4bcdec08e8a4facf816e5f4f286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a74887034b3a720c50e557d5b1c790bf

SHA1
fb245478258648a65aa189b967590eef6fb167be

SHA256
f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250

SHA512
888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64f055a833e60505264595e7edbf62f6

SHA1
dad32ce325006c1d094b7c07550aca28a8dac890

SHA256
7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99

SHA512
86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
069a67bb441ba2449d02056bbeeb915c

SHA1
bd2d014e66e322d9ec4c054065a1ead8acde9031

SHA256
7f9036827557a6ecbd4a3e7b44dac388514ec0341d9ad0f8cc474c2ff2f866da

SHA512
271b747b1d528f3086797e61c5a7227bd22bb6f520511882b31dcc6e72cb16a329f4b00e348c60e05c3ea16f5a5f07fc2da65ffe96c4e378ef6d2e3fbec77cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59d684ffb52ecb4ce0752f7c04501555

SHA1
8fa8d8da225e39f572713863be2de214ad793e10

SHA256
2d38eaa19ce3e21c56ba503b87f1b5626af1fd71b2f672d485aaf42238a4fe98

SHA512
e800512f1efbaad2494866da8f2d7a560f83426f36038e2762fe4d359c5179ae78532620974bde9005461c626bf9c74c581d38667c33b8c73b52a05aa87b74af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ab8791a49576b9b0f0e1dfe3d2f3b0b

SHA1
1256d799ddbcc31c4829c4126ad02993a947caff

SHA256
aa88abff789eecabfb64d77ab0d3c12b89c4357f1fa41a2e01e34a756c20878e

SHA512
fc04209d2c30dabb465a40b32e10ea84f0c275c223332cef39df0623dd7fe05bc6e0206c3df25210e1746ad947c6a819e4b4061f152601b94db0b7c92e53a90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\BlueStacksInstaller.exe

Filesize
623KB

MD5
c8ec5e0af9329936df1fb6382f092687

SHA1
fc8a59149198e5acef2ca6a51f01d1e3ff0f50fe

SHA256
7b3fcbf635508cde1dd74e41b3914f5b85bdb8de1bcece745ac6a05ddfde63da

SHA512
1bd43948428d964b94befe7e2b9cd74e0cb5d6af76f5adb166323510b2f775ae479e781df104222197ac5e04e83e885cf6a5ec65c7bb3c5aebd45dead24439cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\Locales\i18n.en-US.txt

Filesize
19KB

MD5
206562eed57e938afe21fc6942fa8e59

SHA1
779e90fec866c0fd2f47da020651db71c89ec3dd

SHA256
27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45

SHA512
275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS00353967\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAD8888\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAD8888\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\custom_click.png

Filesize
15KB

MD5
ced07c9db242115400e159d9a02bb7b7

SHA1
6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77

SHA256
1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90

SHA512
d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\custom_hover.png

Filesize
15KB

MD5
f3e05f142e742e25a98d4f5af3ae0623

SHA1
88363e81ddef700803f4859d2f3f0b4af516bbf3

SHA256
d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424

SHA512
5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\error_icon.png

Filesize
1KB

MD5
dab2c4538a83422b5deae0e0de9b7a30

SHA1
78c2ab2271aa4020df1e0289bc3c1ba9a43fd424

SHA256
666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89

SHA512
24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\exit_close_hover.png

Filesize
575B

MD5
92c2bf222d6ab81fe7a0c072bf31c107

SHA1
8853eb08a2aa3e99fae6dabb9cff6461704f2a2e

SHA256
bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709

SHA512
6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\installer_minimize_click.png

Filesize
112B

MD5
08fc39a69fa17e0f529915919cea1633

SHA1
2966a3f739698e2ce368585fb7f6ac4eae4497b1

SHA256
2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95

SHA512
f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\installer_minimize_hover.png

Filesize
112B

MD5
18fb6465b029206477d0222e8da6fdf9

SHA1
b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b

SHA256
57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d

SHA512
f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\installer_upgrade_image_bg.jpg

Filesize
19KB

MD5
3bb85d2c8cef28c89a2d07adf931e955

SHA1
596d13e7742455afce8a534382b28cfd2f6aa185

SHA256
b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b

SHA512
7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\minimize_progress_hover.png

Filesize
214B

MD5
fc2a0361a751177d3aacdba9c31b2682

SHA1
0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab

SHA256
1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd

SHA512
a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\setpath_click.png

Filesize
15KB

MD5
624e84e9b49bc150043aa9fb0eed2822

SHA1
f23f2a4ec609e3e9cff9319533e561968ccabb22

SHA256
c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1

SHA512
288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\setpath_hover.png

Filesize
15KB

MD5
b1e53a76b6ddb3ecff52bfc1a8e5b09d

SHA1
012b5879e879fa25bf48e4bb62c35ee829eea571

SHA256
2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0

SHA512
4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Bootstrapper.exe

Filesize
153KB

MD5
e896caa05303bdbd59395225248889bb

SHA1
85681e927d9c44b1260609ee88d12eed9a612100

SHA256
b96937b386fdd06060a61756d3c0e2cf0b99908833cd91490fe88db6a44d394e

SHA512
584611be4bf3574693c2fc9d835379d644cb568fef177b420e74548483b41f89ea8ccefb55c4464fca60e2db9fa2e0fd40d7d3da1c2de5cc25e8c4822ceeaaa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.ar-EG.txt

Filesize
25KB

MD5
7a7d65e41e785a7a848f0b021cc0c0d7

SHA1
9d61357d9aaec43adb92b95dd63103c566aa2083

SHA256
e02e378326e351980325f9cbf4e27327ac03aabf85286e7636c99220da950806

SHA512
8f67d2e4ef55abffdc1062997cab7a44cc81e42b16174d88dad41939992903b7a9ce9c7775db10835d30cf4aaecfac7c8d6f2cd1611f17e40d3c66ee0fb928cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.de-DE.txt

Filesize
22KB

MD5
a9ce4896a111f0ea2149e25ddfcf27aa

SHA1
5f242727905a3f30263793e3095fff8fe7a3a0f2

SHA256
941d60fe4e4f1a66166e8fe75f885ab1086a4037a4627004e391d7493e3e8911

SHA512
05d0f13214d60fc4533652f5b1dc161f3f14c8b194d74e45a34412f97267fd69b7b19f1f647f348ebfbbd2551c4060e36e746a6a79963db7e78cd95c92dc4d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.es-ES.txt

Filesize
21KB

MD5
5f5cacda94bb2384f9d6bdece58ac526

SHA1
c10f095a312e623b79c42ab7ca3f48130b348d62

SHA256
2b698fd5d6f4fd959c4a24b47b02c2e1a9f51a72a66cfab3ed72d8f667d221cd

SHA512
1ca9373b2eff0620d02249ab82fe46644f6452db36a2b61334cc258d2e9910200c33543f7794e0bdc69761f5b86aedacca0fe6491293ecd1df2992eaa5aaae99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.fr-FR.txt

Filesize
22KB

MD5
6b1fc0b4e861692c83e8f36848e7faad

SHA1
79e064008b2c2bcc63146664cdf1a63f1d5ab58f

SHA256
f5684f68c50b3f8f5c1ce0e1266e003f2099d3ae401c848b2cd30260a998feed

SHA512
0a15eded536ea683c4493af1f45f8bcfdc24ae69747386a6747dfb2bd3475f88f4d15d2ac77515eb5ce75b65870f2fe2337bdef0fae5758edd72684683a9180d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.id-ID.txt

Filesize
20KB

MD5
623b1aacfbaf85b09a4e0c180e9ef178

SHA1
e41bfa201d627d093bf446eb39fab268528e5e32

SHA256
ce6bf3cbca52a1ae369199ee190272f6842a45e64da9ab6cac8b48842aa099ca

SHA512
83b91c326561b725483fa703d7bfc66a3eafc55a25772bb22251bc88869a30bf11c2c5aeabd5a07da8fd7f2d2b93ab2ba47edaf025f8055f6ebf07df99f9b77e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.it-IT.txt

Filesize
21KB

MD5
ea49ac9605d0ddbff07b0e19d6d34517

SHA1
c17fef2467a8973db193de95f7b66e6f511529d5

SHA256
408c2ff8977fd6fba4ece99f547182394ab62d22401454344f48ea085707ebbf

SHA512
e45a6d19a570f496a30eb2b39991a04743d491ff85b29390e52be2a5e146f7819c2197cd0b0357120a0c5ad9c792059584e6c4fe8f8098ecaf435aad6a44731f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.ja-JP.txt

Filesize
25KB

MD5
da7a6902f658d02dffe24e7b29ae25a8

SHA1
2942cfd645e7de104aadb45d65976c073dd54a64

SHA256
0c28d5d9178465b76fab0f5d736962095ecd333d7b2b1775c31becd38aded023

SHA512
1079fc5da14e53157486609ec2faac6c88272c74c2acaa8a02f7cc698cd078f118bbdc9d979a40b183055dfd3104d1792d530b9bdeff4b1d1f12131a7f3253e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.ko-KR.txt

Filesize
22KB

MD5
21af008aed42c6654b0a6eadd1fca98a

SHA1
9f1dd90654b10a1d56c0b7345de9226deafeac52

SHA256
7f9e11fcb9567e432cacc5ec0b399fcbfedcdb0838f21ee84641cc4eb7794155

SHA512
da2bcca88b89caff19edfc38cae25fb8aaf1805dc80c28b0e1a51f5de64ce7b5c671bceb2ceb897969906fe80477e47efb9df7cd377d62f8aa3ae9ae1200d440

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.pl-PL.txt

Filesize
21KB

MD5
1d824987054f6109e386a2af3a2930ff

SHA1
f0103827d00e343161463cbb436a751135ab7c68

SHA256
a5c2f911ae2e891f152d08203e8e99e78735f09de4b7421fc6cf343987b48e34

SHA512
df45abf4e8b24683eb3314478bfa9820caa83799e7d685473ec963bc9f07d72e763eab14a80aaaa7e1e44232223efb43cc6e9ec777c028516e7831694994d8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.pt-BR.txt

Filesize
21KB

MD5
35c829fe17dd39d16ed9ed9d3c3a423f

SHA1
e2f498fb2ebd74647eea70edbe29d49dec3856f0

SHA256
a3a3183e5f85ef1d84f386deab1052871fe8ee1cfba2800cd6443459e3609346

SHA512
4a9db0e592d62cfec1ddf7fb1a67d2ed9338af50edce9582321d9ca798548cd65c53b810631cd862791c925cae2075a10f3183b02b5851cdb2cb2f54db229698

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.ru-RU.txt

Filesize
29KB

MD5
c14b9c7f08c0e2a57ccfee06a7c5a05d

SHA1
c630e7233059006b1213807f8dfcb38295dde240

SHA256
b61b82dbc223e35f7451fb848978a79703b345c7a7728d60d59fb95171e11969

SHA512
15e3fe85a248c065429cfb52b5fa3f454d2440ac39612452974c7fe1fc890316c57a2b6c4137de36b3642276aa6791345e1b41af6628e80c4e7a3c6247dff6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.th-TH.txt

Filesize
34KB

MD5
19402422b374354b36b182df60197aba

SHA1
75b68c2f7f9ef4730f0fe738f9477c543feb46c8

SHA256
d1de34e55cdb1a8abf9ad3bdf0c875b8f14825ac25df5526da98ced87588aefb

SHA512
c2f6991d15bc870a0998bfa74a939c66131f2d17485b3771e41fe876cee02050ece0c8a25cbca6720254ea8e25542fcab6ad569864a8443b5e3a0e266282490f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.tr-TR.txt

Filesize
21KB

MD5
3aeda0b485130bfc9dedff4b8fef1961

SHA1
ace8100a277ea0f8e06902d68c1c39061a44fb26

SHA256
3c465dcb8fe7197b0862637548d7c383574965666dd8305f5eb617444e9acfc1

SHA512
319cad94c82fd188103a0178a4aaa6433d57358a7fc99348522336fdc786946f2b08fd405fd104573d7aeab62248577a7ff6a27ad35cff50790d0eada45440f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.vi-VN.txt

Filesize
23KB

MD5
fcbbad664f3eb4d57764f73eb0765942

SHA1
cfb0601f07f12a78993d701168aa93109fa891c0

SHA256
401a8d87d3057dc1b2dae6338c93ad8f5a5f7de628ea2d5fb94ab781f9d1a776

SHA512
aa077fa7ddf698ba5e619239025775ce81972af515d82d1211039e0c65e5a30524ced698dcc1b7a1e1c943992ab6ea8fd5d28dbdd5abf57ba0c246360e21f08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.zh-CN.txt

Filesize
18KB

MD5
0d168bc28c89f0fd4bf3b7f2d9c65eda

SHA1
733690096aabff107a7b9a8d8a45c7a68aa9335c

SHA256
9a5032c277e2af24fc596e1d2f535dd8873530cdf055ef7b9a27b84a1e4bce88

SHA512
bb1e632e0c6aef6915ff178e9fb2b71173d1a3a00bfb294b59933e2d84f05642001d4201e42a2cbb7716cb4df039e4acc9ee24f91c784a48521039a2deedcdc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS827FF13B\Locales\i18n.zh-TW.txt

Filesize
18KB

MD5
35dbabb7d08aae38d44bb326ccd10eea

SHA1
193c8df23ae63107227a1faa03658c91635af058

SHA256
c5ad750e534b3a1ef73e2b8b8aacdb5f591a72c366583f9ae1ca8138eae5979c

SHA512
75aa4b75b3a9d76d0306360c6dbb49b86a7ecf7c88d8f31f28918f5a93d623e578f8e5faeae95c11b82d17f161834f65970088fbd293a12fca9f9322b5fad3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\n5or3s2s.5jb\BlueStacks-Installer_5.21.210.1023.log

Filesize
127KB

MD5
2658486b6aa44750115ec98507fc16b3

SHA1
8455e4ba174548c60ec34cf7e091fcf32a32cf77

SHA256
0e030133b5ed14e40673e00230ad0ad66e62f0057f6c1fcdf6bf41090cfb0080

SHA512
868cb27a50a12adb22c1f6a5d5238a4d27995cd0bb9ca316cc6ffef7dc21acb0b1b7093d9f9ee091ace5b1c59bea8cc79cb4dfb0bbcde544f62ffd24bbf0c77e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa10EF.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa10EF.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa10EF.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa10EF.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa10EF.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa10EF.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC40C.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC40C.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC40C.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC40C.tmp\nsDui.dll

Filesize
3.0MB

MD5
97293a34cbd5897ee92dd96bb666fbbf

SHA1
06d39908d3ac86332758159d5e4accb80753aaf3

SHA256
8b08f564483fc6f4e61d0dc33ee8da4572055ecfb669c9d73645130aad17b4e6

SHA512
bd3688fed0397f19bef1f831d889a8f2d168262d243b9dd388ad77ab6422eca6907dbcac670092b3d7d1f3a4c0c524a68d7f10942d67f591931cfb7c9fa3046c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC40C.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
614B

MD5
6c1caf46fb9d322cb5806bcb42b22b97

SHA1
72575bd3676ac7347b12722b3a4dcfecae567d83

SHA256
db7b20f9f76112228e6daec81a36c29703ea31e7f0d57ecd74251300905cc859

SHA512
4c3f6ded0af9755b5190f33ace1061b47c169aa620c4a0775a5319b0726bc418d6d0236d8c05ec427c974b3d8737ec45a978c126f4355571f4593715fecb4a77

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
1KB

MD5
e66cf895db2203e54231c05e740feeee

SHA1
019ef0793b0ce7327386665002c91a9b09e1ad03

SHA256
282b5b9b7bc597eebdefa62f3e14fa519557c33db5c8c480805f9f066f53ae8d

SHA512
df7321455af0dae91cfec93a73802a43e41ad916a22e1ddda9d13b69fb2286d8ec2d875918db5999a04f40b73fff38d9234bc29fcf2d2c04e977e6a0e52acc55

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
2KB

MD5
61f6bbdfa833274e8cd05bc4b5477ea9

SHA1
58fece7f73387efa08f2bab74b9757e880697b52

SHA256
1c3abebb5a27f708dd269daa0cc1c130bf671cb196b781f0e1b7d5d409884263

SHA512
67103c3f385ce0d5f742f291bec2af17e0121e225a341ec36be02e12ab106e2c40ee6b6c7cb111db6bad6bf12820de13228e2e0c10cd09723157f659af36f260

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
2KB

MD5
8c86fb2513a4d3dc06bb239ce59b2b93

SHA1
2425171015aaf641ac9f7f6157f69fb13bb85584

SHA256
97921aa2f3551c572080d57e2afd3c275d8a8764672d22b27f1eb36c8b675fb8

SHA512
b71c4a2ac81c39ca109bb39c4e45f48063b914a864dbd896c3040e27032493429ffaa1e440271b793b892f6de10a20a3a954302e5a87b41ac06ffd675945c06f

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
c063e8d2aba586ca252121e795966428

SHA1
47dbade2b49d9d081fc53986a0df66b72c53910c

SHA256
6f654f2e6db340908505c8bedca9c3d67650363d83883a6f97d63b65d259a08c

SHA512
6aea3f99e133e51e605be4c51a6383327eae00f22132381ac2f0227cb971b105ff5c995ea20f5d8da8eb9814a25f1ed091335e61aa93e5eedaa0af85c677a8f6

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-8217163214cfd085

Filesize
92B

MD5
6a32bb7001742782d0bb3719bb7db593

SHA1
6d176c0495855e7c71e541fefaf183b0cad002c1

SHA256
14e24f563c400af8cf2a96cf06c961f45609623ec2160c1c1ff440b77de3b095

SHA512
6133220892107466772c96ae6bc7b44a759ef1dbb55e21eae0f07b0c027c6285351b10fe96f32e2e81db43c4d8f19b230b0b67a52a608bda93509c2d5988fbf5

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-8217163270e04958

Filesize
119B

MD5
7bd31951e5b322fe2f3dd5172111e153

SHA1
ce02beeec434643922c6d4ea1adc923fc4bd493a

SHA256
01e8ed36c274293aa9186ae7c5995416774a5e088a502d45bf96d07b348c6c5e

SHA512
2c357884abac52dcf5de8b32c49b8e2f76da12556b620f02bc733e03bf931fd4d0bc9771e131f0aa33d91c2b555255026950bbc5d10569f9e9db10a793a99477

Download Submit
C:\Windows\System32\storage.json

Filesize
51B

MD5
aa9ab927f7bc1bc84ada9519e58f9650

SHA1
a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4

SHA256
3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094

SHA512
b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

Download Submit
memory/1920-24409-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24415-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24418-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24408-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24410-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24414-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24416-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24420-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24419-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/1920-24417-0x0000025C8B210000-0x0000025C8B211000-memory.dmp

Filesize
4KB

Download
memory/3896-159-0x00007FF961CF3000-0x00007FF961CF5000-memory.dmp

Filesize
8KB

Download
memory/3896-131-0x00007FF961CF0000-0x00007FF9627B2000-memory.dmp

Filesize
10.8MB

Download
memory/3896-119-0x00007FF961CF3000-0x00007FF961CF5000-memory.dmp

Filesize
8KB

Download
memory/3896-3075-0x00007FF961CF0000-0x00007FF9627B2000-memory.dmp

Filesize
10.8MB

Download
memory/3896-120-0x0000000000720000-0x00000000007BE000-memory.dmp

Filesize
632KB

Download
memory/3896-122-0x0000000002A70000-0x0000000002AD8000-memory.dmp

Filesize
416KB

Download
memory/3896-123-0x00007FF961CF0000-0x00007FF9627B2000-memory.dmp

Filesize
10.8MB

Download
memory/3896-130-0x000000001C970000-0x000000001CE98000-memory.dmp

Filesize
5.2MB

Download
memory/3896-12903-0x00007FF961CF0000-0x00007FF9627B2000-memory.dmp

Filesize
10.8MB

Download
memory/3896-160-0x00007FF961CF0000-0x00007FF9627B2000-memory.dmp

Filesize
10.8MB

Download
memory/3896-134-0x00007FF961CF0000-0x00007FF9627B2000-memory.dmp

Filesize
10.8MB

Download
memory/3896-146-0x000000001F610000-0x000000001F618000-memory.dmp

Filesize
32KB

Download
memory/3896-137-0x000000001BF10000-0x000000001BF1E000-memory.dmp

Filesize
56KB

Download
memory/3896-136-0x000000001BF40000-0x000000001BF78000-memory.dmp

Filesize
224KB

Download
memory/4864-12973-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4864-12822-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/7176-24594-0x000000001B230000-0x000000001B314000-memory.dmp

Filesize
912KB

Download
memory/7176-24593-0x0000000000580000-0x00000000005A8000-memory.dmp

Filesize
160KB

Download
memory/7380-24595-0x0000000000F50000-0x0000000000FA4000-memory.dmp

Filesize
336KB

Download
memory/7380-24596-0x00000000031E0000-0x0000000003260000-memory.dmp

Filesize
512KB

Download
memory/7956-13415-0x00007FF980DD0000-0x00007FF980DD1000-memory.dmp

Filesize
4KB

Download
memory/7956-13419-0x00007FF981650000-0x00007FF981651000-memory.dmp

Filesize
4KB

Download