Malware Analysis Report

2025-01-03 09:24

Sample ID 240620-rxkszasdqg
Target Screenshot 2024-06-10 10.51.18 AM.png
SHA256 599adf86bd62df11577a48b131fa3338cbb035812322e0ef4e96aab18704dbc9
Tags
bootkit discovery evasion execution persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

599adf86bd62df11577a48b131fa3338cbb035812322e0ef4e96aab18704dbc9

Threat Level: Likely malicious

The file Screenshot 2024-06-10 10.51.18 AM.png was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery evasion execution persistence privilege_escalation

Modifies Windows Firewall

Downloads MZ/PE file

Stops running service(s)

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Launches sc.exe

Drops file in Program Files directory

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of WriteProcessMemory

Modifies registry class

Checks processor information in registry

Enumerates processes with tasklist

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 14:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 14:34

Reported

2024-06-20 14:44

Platform

win11-20240611-en

Max time kernel

599s

Max time network

600s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-06-10 10.51.18 AM.png"

Signatures

Downloads MZ/PE file

Stops running service(s)

evasion execution

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-ForceGPU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
N/A N/A C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\storage.json C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
File opened for modification C:\Windows\system32\storage.json C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BlueStacks X\image\now.gg.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qt_it.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\Qt5QmlModels.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Styles\Desktop C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\checkBox\checked_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarRestore.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Click.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\misc\libexport_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\xplugins\SettingPlugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\language C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\msvcp140.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\BstkVMMR0_nxt.r0 C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\maximize_normal.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\MIM.ico C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libwindrive_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\brotlidec.dll C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\Result_NoResult.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qt_hu.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\imageformats\qsvg.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libadf_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\dialog\min.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\Search\mini_and.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Templates.2 C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\codec\libavcodec_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\Qt5SerialPort.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Calendar.qml C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Private\Control.qml C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\cef\locales\lt.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\SideBar\left_arrow.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\default_img.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_add_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt5QuickControls2.dll C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_chroma C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\config.json C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\close_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarForward_Disable.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\access\libnfs_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\BstkDD.dll C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\account\now.gg.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\access\libaccess_wasapi_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\access\libidummy_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libinflate_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotiondetect_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\account\Choose_img2.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\maximize_normal.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\Qt5Widgets.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fr.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\hr.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\www\js\flexible.js C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\MyGames\addApk_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\MyGames\next_enable.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\LinearGradient.qml C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\mux C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\api-ms-win-core-processthreads-l1-1-1.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libantiflicker_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633676937455490" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell\open\command C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\URL Protocol C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell\open C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\ = "URL:bstsrvs" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3264 wrote to memory of 3400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 3444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3264 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-06-10 10.51.18 AM.png"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc586dab58,0x7ffc586dab68,0x7ffc586dab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3432 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3800 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3168 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3316 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=868 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4856 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4148 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3260 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1484 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe" -s

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c green.bat

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="BlueStacksWeb"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Cloud Game"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"

C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=865ecc15-deab-4aa4-888d-e85e0b00808f -machineID=f66f478c-5206-41c0-9239-cffffb5adaf2 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.210.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe" -versionMachineID=865ecc15-deab-4aa4-888d-e85e0b00808f -machineID=f66f478c-5206-41c0-9239-cffffb5adaf2 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.210.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe" -versionMachineID="865ecc15-deab-4aa4-888d-e85e0b00808f" -machineID="f66f478c-5206-41c0-9239-cffffb5adaf2" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.210.1001" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=64ba815394fc55b27f001d51176920bd -app64=

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 1 2

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 4 1

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 2 1

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\\HD-GLCheck.exe" 3

C:\ProgramData\BlueStacksServicesSetup.exe

"C:\ProgramData\BlueStacksServicesSetup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\\HD-GLCheck.exe" 1

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"

C:\Windows\SysWOW64\find.exe

find "BlueStacksServices.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\ProgramData\Pie64_5.21.210.1023.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cscript.exe

cscript.exe

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1972 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2616 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\2mbdfvbn.l15\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\2mbdfvbn.l15\*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5656 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4500 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3188 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5532 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4428 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe" --cmd checkSSE4

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3244 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=3272 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3280 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com tcp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
NL 20.103.156.88:443 tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.46:443 img.youtube.com udp
GB 142.250.187.238:443 img.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 172.217.169.46:443 img.youtube.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 172.217.169.46:443 img.youtube.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.195:443 id.google.com tcp
GB 216.58.212.246:443 i.ytimg.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
GB 142.250.187.195:443 id.google.com udp
DE 13.32.121.127:443 www.bluestacks.com tcp
DE 13.32.121.127:443 www.bluestacks.com tcp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
US 34.120.235.88:443 webapi-cloud.bluestacks.com tcp
US 8.8.8.8:53 cdn.now.gg udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 cmp.inmobi.com udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 3.160.150.61:443 cmp.inmobi.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.88:443 cdn.now.gg tcp
US 2.20.12.88:443 cdn.now.gg tcp
US 2.20.12.91:443 cdn-www.bluestacks.com udp
US 8.8.8.8:53 61.150.160.3.in-addr.arpa udp
US 8.8.8.8:53 91.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 69.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 88.12.20.2.in-addr.arpa udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 3.160.150.61:443 cmp.inmobi.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
DE 18.184.88.93:443 api.cmp.inmobi.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
US 34.120.235.88:443 webapi-cloud.bluestacks.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 34.120.235.88:443 webapi-cloud.bluestacks.com udp
US 2.20.12.70:443 ak-build.bluestacks.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:50704 tcp
NL 20.103.156.88:443 tcp
N/A 127.0.0.1:50712 tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:63188 tcp
US 34.96.124.47:443 wallet.now.gg tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
US 34.96.124.47:443 wallet.now.gg tcp
GB 142.250.200.10:443 fcmregistrations.googleapis.com tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
BE 173.194.76.188:5228 mtalk.google.com tcp
GB 142.250.179.251:443 storage.googleapis.com tcp
GB 142.250.187.196:443 www.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 172.217.169.46:443 play.google.com udp
DE 18.66.112.90:443 now.gg tcp
DE 18.66.112.90:443 now.gg tcp
US 8.8.8.8:53 cdn.now.gg udp
DE 18.66.112.90:443 now.gg udp
US 8.8.8.8:53 90.112.66.18.in-addr.arpa udp
US 2.20.12.88:443 cdn.now.gg udp
US 35.190.88.7:443 sessions.bugsnag.com tcp
US 35.190.88.7:443 sessions.bugsnag.com tcp
US 35.190.88.7:443 sessions.bugsnag.com udp
US 2.20.12.88:443 cdn.now.gg udp
DE 18.157.128.118:443 api.cmp.inmobi.com tcp
IE 209.85.203.84:443 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.178.14:443 google.com tcp
DE 18.66.112.90:443 now.gg udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
GB 2.18.66.177:443 tcp
GB 2.18.66.177:443 tcp
GB 2.18.66.177:443 tcp
US 104.208.16.90:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
GB 142.250.179.251:443 storage.googleapis.com tcp
GB 142.250.187.196:443 www.google.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
GB 216.58.212.246:443 i.ytimg.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
GB 172.217.169.46:443 play.google.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp

Files

\??\pipe\crashpad_3264_FOVYLQKMBDRZXHMS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a353d93465630c81a78a0c4fa666974
SHA1 fbe4febf59b6eae99319d20ab7e0ff3f6aa19c0c
SHA256 a8d0a9c92c26c488800dbe6e8e4017ed3def0fb6b696d6b27c0340353f078168
SHA512 d307b34582a57089155354a24d4f3b0468fb4be8f5d72a76dafcbe6e314f2fe0cd8b589af6909c4bc84a2cbf15381b0b21639864f00665e47e65ece0642065a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08449baaefec53465c4c5da2a9ffd2c9
SHA1 6d0203bc276a27dcca894544bf5197a132393cbd
SHA256 20792f799a940c44adfe249092b63bb38bf8dd8daaf87ef289220aa1d39667f5
SHA512 6b12572aaf6f4f1d98ae8d97768c3675419590d0621b61f9230bc9bcc7c08c546bbcd4229522500575b62e1b3f54ba996e29bea2ec950d322156750411fc22b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 92af8471b010b178ebc3191eb25d90ad
SHA1 d71f2641bf6184e5d313973ccb4e550e5d92eceb
SHA256 81b388bbf44a5b7dad1fa4470b0f929e84a2a8ca479832251b8aae25eeec2b1c
SHA512 9ce0a220c6b8f9fc50db1c384d7f72bfaa1875690b08438d9865fd5b90fa94dad45eeb1cd2bad5494a0dbf032b876adf8fc3c38883e4d4684b132e8d165ff3dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f9c5803dd6add970af88bbd4eec2f613
SHA1 98f272ef5a78493d6277bdee671ca8769d24536a
SHA256 28b8b650f1682b7bbb3b44e698bbe9f70e426c44cee805fd9446da1578cdf7c4
SHA512 6915dc15c0f0f90443345ae31b976d7540920746d3ad2536c499816e5f4c1ce4d9b5990862ee1d9a12d27d060dc55b1c87b45ab72c9dbdd61f017b0771f31dbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 09563358ebc36e795262740f25361e5d
SHA1 2f27584f8e7b83e93778900d9d9089ebbd335adb
SHA256 d835b428f7da1b49bc5928979da5e10dea7cc027fb1dbad81a05523602299ab8
SHA512 033b6445fbd385efcfd216a7a0d2ba1caae0fff91ebc6a9960f863a7aaecc7bf7cd3e587353cfb0c01ac24cb052ea926fab6b2e360e20c2e0fdcb7bc2d736eb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 081c4aa5292d279891a28a6520fdc047
SHA1 c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA256 12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA512 9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cf0e6c714bba68ab8b0fd609dd7c43ea
SHA1 d35dd1b964fcf940ac097d59adc6fd30b41f5928
SHA256 f0d949d263dbcb26fa5158b424cf53d04b4169f34e06b1f4406b5fba325af2ef
SHA512 203a9b2075453e42fe4e1d6b2488137542bcd9fb5561f0271e03ce5e9a566bab74a996948caf6baa2d7e7d4f1eb455cc0cad28c2e5467baa45abcf73dc0890ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c685b2324b04688f3ea933de95cb02f
SHA1 faa305b6f1282d9778954be23f04af56946c2fd5
SHA256 9977dbcb0efcf05bb9d6f6b8b83f0c595c9f2de7044013eaae48dbb14db792eb
SHA512 b65db464c69e725736eee365522c915dafc5d7bda54bcb5ae651b27fc5719acfbd5c2b45495e75966998d8989f562176fb44d7330cae249bea237584a60d0b3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1d7f576ca9940a0877f2fc1734892e62
SHA1 1a6925a6b79c699684a04b32418724c81577158c
SHA256 07a2fe1f7ac8904f750d6226e6845aa39a1edd050a8c0ff90613460efb48f915
SHA512 eb4ad838e1fe4f93ec401ee326ca8a4505c97a0d370b52b8c6a87c65087a603382dad53c2d4fbeba578968d0bddc93b379cd287136449c4e0ed4e9ef570981be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0257d3da-0a5f-4f7d-a213-701449ad338b.tmp

MD5 92904e56706cfe624206c52836f7eb15
SHA1 495a39fd167b544efbd967bbb06ad951639a442a
SHA256 826bab78666178fd76be70d1b0073c5486d9c12dd5d2189016e1845d7674e157
SHA512 b3c923a9b1a49c589880f7367705e3bd24f41915b2762a5c9c9c951994e07bbda8730b003f89120e19ff7641a311163856b39dc00e0b0a62dc2187dc0fa04a20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0724c84b4cd3165a360b8f3ebf882b2e
SHA1 e2b171d377a09b993cd3ada88cd749c5598a9485
SHA256 a470d9d8ca998f5f729717f8d14e511337c5cd53a9f3ae60ff8cdba903c6715e
SHA512 b56b236a8d77888e66ce1afa9c67b21ab458afe8e8dea49ad038de4ec0054300ce3ca2d6296041ca98aa97164a7798ecc3c57dd9bead6d07e5b115408f811ed0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2a72816ddc3fe0d68fcf9089a5bc272f
SHA1 30c99ee3395d65c7d5c1258b4e115da322f1d79c
SHA256 89eb04109ea26ab626b61649bd3d65e6b9246134d8cf209a7c38686887edd3da
SHA512 418204d3db595bc7f3d5552b4e5302a1d31aec8f3edcb0e12fb826fd8d501ad25c868bcbb78f0f229ea4cff8fd9de446705b2f00289f6e27d372d968e49320f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 76fa258a4baae6491e84e69675ec00c1
SHA1 6ae8bd7e15696ae72adaa592e736127fce901d97
SHA256 c87a38dd1028610dc2a4cd1e94b7dd4fb85f0b6f923d5d16afa60c069f9671a5
SHA512 c98e589d6b3fa557397b8e0b816fabf1fb1c6b2cdfaacc07c27047c14d42f7c95c2cc033fc0f356fdeb6ce7cd2869a1e20dec095623f1666aec56ef320165834

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d32a737884edb92bbfe2a91abef0e85d
SHA1 9dae58cdbcf6941f8f0106e0b3d8cd7c485889b3
SHA256 ab14c1eb9adb57ecb028c41aa15e4952ae79cd3808e9773f7f40ad72fbd99f7d
SHA512 f39949488221c0f5fd6667c7e5bf39e698f28cb931e6036073aff762443fc80549e52226c71fc2d39dfe9392efa7cc6c72afa5a41075fff5bf5cf58f9f2ff57f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1397d90bc81b7b403b1e2a6704b1ad43
SHA1 552f035c810cd7ad08ddeb6bababd951186cf716
SHA256 1e78ce771d9f8d026bc16cc5f55e13261f09878164ef28ccd139fa25a8f55f30
SHA512 5871f684e78682a67ae5a4407bcb342d620cb1d8deb8b575a5b657cc364f6718c4d319b5c4efdfe724ca5e066a50f02f28ba62cb7fa138987cfca856a00301b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b58b241e862f0695650154c15da38480
SHA1 131bf40bdb08d78d5466ffc6332c95b771dea7aa
SHA256 ca9df6783f039eea8b9660ab7337411667708a905b3d1848c34721498258b334
SHA512 1035bcf37d320707f7c3418d08dcab85ad9f7c857348e05fe3ec8747a7e4db40a75a2eac1326057fa6d60366e99d9909f8e443f87e79bea14bcd5b49ae2823e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2dbc54b1217789f37a77b8e08ab5899c
SHA1 1cfed3760085d06e96152d3aef8c77afba16103e
SHA256 486a89047038d48d1f54cbe315ee928e372621dbae7296ae27ce4f888bd4113d
SHA512 7de18b127184be8c21b38ddd9384f788f43044899cf9b9603c206dd7526e906c0ba37f82aea43ac0695025d0fa7508e9f423f9fa39d97a5fd1bdebab9e1ab7c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d29949b0349e7da962eb455516ecf081
SHA1 d4f7250726b9c1d7189b32435e4acab99a42794f
SHA256 7153b71df61e2c0efb08005dda39326d94788b83aadc4b83c4e8e9a9f991223f
SHA512 bcd3aecf91ffd842517a7766c3fe9f992f2bce5a8536189b704d825fee14b5759336edd7cdc96afc98ab78e02c149a966b8ec6429a905b9fd7f1f17d9dd6845e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0b3593d918899d45a4701e9c1dd53c9c
SHA1 82c6e14135c7e030487bee93607270d66b42bd74
SHA256 fc99648ad1f3a486353090cb13d82d2cff49f228bfab37ceb019b5e440bd496c
SHA512 c2be54decc742f133fe5063155b06c89709e3b7065c917233acabc88de6e4ec7ec758959015232764689efc02a7ded1c49b523fd1adcbc5dbf647feb5145934f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7af0bcebb58dfa5855d1c14b83eff84
SHA1 f69f00d0e1727dc2c03b392a800e93c388e8778b
SHA256 e2b3726eef590b0ce34390c21e4a2ed04e45f14cf888b24be27c3a492d322ca5
SHA512 8a203ccf4c887c665d271b7449e977b745aa428ab0ccd56d8c758374949904c489bfa53769a332cca502c9c22479d89bf59e9ed5b0ea6e19511218afb2e18abf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b589592947c1eccda54a516a282877b0
SHA1 615d581f824af09cfce0c8a04fcff5d3324a7c07
SHA256 9ed99af0c09ac3d234676fe19163ae2b91234bc27ee1146e0c091dd7064ea88e
SHA512 f721476ff027c76e99a6c744470934521b3276a8442361525963ba08db7904069b1338f66c297345a0e1403069a1f7075b91ce8c6f5ab5a52083817d6815d352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 921df38cecd4019512bbc90523bd5df5
SHA1 5bf380ffb3a385b734b70486afcfc493462eceec
SHA256 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA512 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 40e01c775b4f150dec2ff43bdf0f1816
SHA1 29cc0f7eb904aced209cec12ebbf8e6ab192da53
SHA256 4d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0
SHA512 c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 c054cddd96069f22fe75e7a2c17ae412
SHA1 d38822115595dad9af041a2ac43dd74c782276c3
SHA256 5f2af02562178807d98ae12e1a8e1aeac6928440ed40276a8c3ea791a733ae71
SHA512 64506610fa6074e56f710f5e7b21ea47662237751121e2b73d77a9c1fc72ae61f2b3a2fd7cfd95c9b6a9500f56c307d0176f365e426aaa641b2afda81aa136c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 283b985d3850c8ea24e24f1352ad5a18
SHA1 cfa758bda5f26fc5eb71edf7b58e9a9539362c00
SHA256 dee0274bd3e5f2d737a3135085e2670589cc70b5f6f40a7b9d16a9b467a92c2a
SHA512 012c7b3c192990cdbea0f57bbd91564b0b78bc576323932a4515d3220ef1b88181f455b947500084d0b3e1557735d4d333d70635d10db933f69579f9df2a0d69

C:\Users\Admin\Downloads\Unconfirmed 924555.crdownload

MD5 d2c72208f8783ec83b123324e8093cc1
SHA1 4afbc9f19f8a194bccd5216e05083e0d7617fff0
SHA256 52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26
SHA512 03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c62d13f2422df0d095fd938a6cd019e
SHA1 7ed302eef18e4ec1a01a1772d60a75255cf35ff5
SHA256 d16390277b307b1fad78118344fd6e1c594a06b14b747de41dbbc4aa921292e1
SHA512 6d3652b9bd26ab5a3909a2a643113a389a760ef0b671deab02b320b1c4cc6b19e6fac1f01c78e527486d02ae49431f2283afef9ffe558e49a687da0bd72974ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6b68a71e008fe8d6055bd7ec1d56ce7
SHA1 f03726f28410c101431dade415e0ff45beb2bbd5
SHA256 e61eeb553d8a46dca53bf92391c46824e9e56f7f0c6781a8e804b7ab52ff73bc
SHA512 b2c8d19a1654ecdec508ebf0ffd1c71e9fe7dfaf8fff2ca3c46528f4dc8940eccf5dec978a7da20e8f3190d343b6659471cfe4ad40b85dd26137f76ad2283973

C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier

MD5 27bdcf74c8172d25fd9e576cd885a999
SHA1 c862104de26a7643b4d2ec6768cc9359afbdf437
SHA256 68543a3db7efd410c6c86e3368e89efe9375001021bf2404a223416ff9946117
SHA512 b24c1abf1dc7e009ea096d421d76e984ce252023d07d170b968eefd676a2832e0008caa83195c521c8c40d699b7b836f3b0faec73012dd9b7427bd87cb4196bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bb605605c72b1b233f9b47de101c2b9c
SHA1 cbe419e46e4a124c860edf4e1886a15ab0cdd661
SHA256 75953025bd9eef39146d05fbbd65228c862e5c9f8150e4804d08192450eaa5c1
SHA512 5248c886afed71d67204801b39afef1ff72c29bf3a09dea788ebce64437d89ca92a1cf0d7dfb89e1b040afe62e680ce1e4670c1ff10853be2147872e50cbd765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a8bd3955e62562655a02ee14e0859e1e
SHA1 69bc2b4db2bd566d2851433b4da992333149713e
SHA256 d9f7bff3449f16f5ca5cb3e2423a734346174e8c435317f5cf4157b01d2bd714
SHA512 771964f4849c9d2a52524b11e32c9ab8bcf62e6a4e62a19b290e71ed1ea4c1ccb151dbb69e8e712cc66be4e00143bedd382c259f0df43a94544e6a3124c89b1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a65ff.TMP

MD5 8b332b4b3bd9fa02c57883753b38d420
SHA1 15843c88d512c9ecdb7a80c5c95d8ac908893d81
SHA256 8ee432fe9b9c61a8a28a35cb57646cc968c47afae4ffbf4acd59836d95713cd5
SHA512 1610066683b2071bea692fe57ebc5cfabd397cb1fec849fb596a9b5265b89686a76c6c1e1b256598a677219ef5cbfbf7fcef93976b3d9e2c981f205a4d9e7596

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4297ed0f6973d95c25a07cb7020224d
SHA1 fe47e1e57e4ddae18b7efffb7c0f14126c4d13bc
SHA256 e0f5cd617a35f1f7a1017eab05db52c4eb0d37ee3bd382aed4e7e83876ac227b
SHA512 21df5a4c456c40a4c4f838c6577ba51828ad628a630c7750302ca7b10ff397a5dfaedd65b778464dc855838cff1f8e25ce763d3995c097b6ad4910c6d34603a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e7949eccd63e489243f68a1955f30a2
SHA1 0b4581e2d7858ea500dcea6cf98ba6145876596c
SHA256 e35b7df8e5d1eac9f4460c570817f02c2390fb29a2866e1a250ab73391b6efb0
SHA512 59ecf14d433f9f94a9389c9ae0cd40c94bc3542262ecdda986be46a92b884f3aa556e82d356eee85deeebcbab1b99dd8f142e6efb73813033ab0b9d765e393a8

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe

MD5 c8ec5e0af9329936df1fb6382f092687
SHA1 fc8a59149198e5acef2ca6a51f01d1e3ff0f50fe
SHA256 7b3fcbf635508cde1dd74e41b3914f5b85bdb8de1bcece745ac6a05ddfde63da
SHA512 1bd43948428d964b94befe7e2b9cd74e0cb5d6af76f5adb166323510b2f775ae479e781df104222197ac5e04e83e885cf6a5ec65c7bb3c5aebd45dead24439cf

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe.config

MD5 1b456d88546e29f4f007cd0bf1025703
SHA1 e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256 d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512 c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

memory/1132-789-0x00000000006C0000-0x000000000075E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\JSON.dll

MD5 f5fd966e29f5c359f78cb61a571d1be4
SHA1 a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256 d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512 d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

memory/1132-791-0x0000000002AD0000-0x0000000002B38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Locales\i18n.en-US.txt

MD5 206562eed57e938afe21fc6942fa8e59
SHA1 779e90fec866c0fd2f47da020651db71c89ec3dd
SHA256 27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45
SHA512 275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe

MD5 81234fd9895897b8d1f5e6772a1b38d0
SHA1 80b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA256 2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA512 4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

memory/1132-798-0x000000001CA40000-0x000000001CF68000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\loader.png

MD5 03903fd42ed2ee3cb014f0f3b410bcb4
SHA1 762a95240607fe8a304867a46bc2d677f494f5c2
SHA256 076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA512 8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\ThemeFile

MD5 c3e6bab4f92ee40b9453821136878993
SHA1 94493a6b3dfb3135e5775b7d3be227659856fbc4
SHA256 de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6
SHA512 a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

memory/1132-802-0x000000001C920000-0x000000001C92E000-memory.dmp

memory/1132-801-0x000000001C960000-0x000000001C998000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\installer_minimize.png

MD5 38b539a1e4229738e5c196eedb4eb225
SHA1 f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256 a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA512 2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\close_red.png

MD5 93216b2f9d66d423b3e1311c0573332d
SHA1 5efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256 d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512 922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\installer_logo.png

MD5 e33432b5d6dafb8b58f161cf38b8f177
SHA1 d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA256 9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512 520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\custom.png

MD5 03b17f0b1c067826b0fcc6746cced2cb
SHA1 e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256 fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA512 67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\unchecked_gray.png

MD5 e50df2a0768f7fc4c3fe8d784564fea3
SHA1 d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256 671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512 c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\setpath.png

MD5 b2e7f40179744c74fded932e829cb12a
SHA1 a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA256 5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512 b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\backicon.png

MD5 7ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1 b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256 fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512 f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

memory/1132-814-0x000000001BFA0000-0x000000001BFA8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\Assets\installer_bg.jpg

MD5 3478e24ba1dd52c80a0ff0d43828b6b5
SHA1 b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA256 4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA512 5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bec72ae30ce1a5b95610111b56f8a437
SHA1 68de29c05de66ddf72e5257f1be5e42322245e41
SHA256 25b1fe26243c4e96f0346f108286b05aa726644af1adb7af35bf8092540a974d
SHA512 901d4b475c9a9ce532d8819f359574dd8d1f7644feb460c6a5ecaeeeb21f003524c28e8dca4fa7c33f6fe8f3ccd87c9a01ca7f482ebacfd8610b209e8a3e2439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a87858ac6f3e65f66691388e0495c582
SHA1 d46b6918de4fce1ef76616faaa46d71d058ea354
SHA256 96e208f1d606e9a8e35691d2e588c27ab5057fd0407191364e0aa220fc646fd8
SHA512 8bd54699403ee04b9ec5971c6ab95c618c05859f237aeb31243061beeec7a023bc805c9261b8eeac09a00cad78a007cdec630ee6375de2c9c7e2016582855d89

C:\Users\Admin\AppData\Local\Temp\nsc6995.tmp\nsDui.dll

MD5 97293a34cbd5897ee92dd96bb666fbbf
SHA1 06d39908d3ac86332758159d5e4accb80753aaf3
SHA256 8b08f564483fc6f4e61d0dc33ee8da4572055ecfb669c9d73645130aad17b4e6
SHA512 bd3688fed0397f19bef1f831d889a8f2d168262d243b9dd388ad77ab6422eca6907dbcac670092b3d7d1f3a4c0c524a68d7f10942d67f591931cfb7c9fa3046c

C:\Users\Admin\AppData\Local\Temp\nsc6995.tmp\BgWorker.dll

MD5 36c81676ada53ceb99e06693108d8cce
SHA1 d31fa4aebd584238b3edc4768dd5414494610889
SHA256 a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA512 1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

C:\Users\Admin\AppData\Local\Temp\nsc6995.tmp\nsDialogs.dll

MD5 f7b92b78f1a00a872c8a38f40afa7d65
SHA1 872522498f69ad49270190c74cf3af28862057f2
SHA256 2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
SHA512 3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

C:\Users\Admin\AppData\Local\Temp\nsc6995.tmp\nsis7z.dll

MD5 95f6f6ab9509bc366ab9215defe4251a
SHA1 e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b
SHA256 a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50
SHA512 a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

C:\Users\Admin\AppData\Local\Temp\nsc6995.tmp\System.dll

MD5 959ea64598b9a3e494c00e8fa793be7e
SHA1 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

MD5 dfddf8d0788988c3e48fcbfb2a76cd20
SHA1 463bb61f0012289e860c32f1885a3a8f57467f2e
SHA256 9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512 e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

MD5 3221ac69d7facd8aa90ffa15aea991b0
SHA1 e0571f30f4708ec78addc726a743679ca0f05e45
SHA256 92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA512 5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

MD5 76166804e6ce35e8a0c92917b8abc071
SHA1 8bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA256 1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA512 93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

MD5 e7fdf6a9c8cae1fc1108dc5a803a1905
SHA1 2853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA256 8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512 a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

MD5 31619556ed6d5ca481cfcc3b8a5b6a80
SHA1 61fbb30965a5b11b6d8d26e85f0aab14868fc97b
SHA256 d19ed921fe898222fc2bf4260820d58315ef30f178e87bafffd41b9602b791e4
SHA512 1a5725d88a8005a62cb2c229235752b63698323e7c5facb564d62c7b6e09188d75935c319b91c0e82e40eb6118d7fa9bcf048065f485b7e61e47523447bc06d9

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Assets\minimize_progress.png

MD5 1504b80f2a6f2d3fefc305da54a2a6c2
SHA1 432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA256 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Assets\exit_close.png

MD5 26eb04b9e0105a7b121ea9c6601bbf2a
SHA1 efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA256 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA512 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe

MD5 e896caa05303bdbd59395225248889bb
SHA1 85681e927d9c44b1260609ee88d12eed9a612100
SHA256 b96937b386fdd06060a61756d3c0e2cf0b99908833cd91490fe88db6a44d394e
SHA512 584611be4bf3574693c2fc9d835379d644cb568fef177b420e74548483b41f89ea8ccefb55c4464fca60e2db9fa2e0fd40d7d3da1c2de5cc25e8c4822ceeaaa8

memory/5308-13495-0x000000001BA50000-0x000000001BB34000-memory.dmp

memory/5308-13494-0x0000000000DB0000-0x0000000000DD8000-memory.dmp

memory/5208-13496-0x0000000000A00000-0x0000000000A54000-memory.dmp

memory/5208-13497-0x000000001CB90000-0x000000001CC10000-memory.dmp

C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

MD5 62d7f14c26608f8392537d68f43dece1
SHA1 add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256 a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512 e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

MD5 ca0a329097316832e4a6ea5d870c9268
SHA1 4a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA256 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA512 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

MD5 7a2e5c21140aa8269c2aafd207f5dbaa
SHA1 4e0d9e7e1b09e67eba10100d73dc51623517821e
SHA256 3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA512 63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

MD5 5ceab43aa527bc146f9453a1586ddf03
SHA1 88ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA256 7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA512 8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

MD5 6db7460b73a6641c7621d0a6203a0a90
SHA1 d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256 d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512 a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

MD5 ea22933e94c7ab813b639627f2b38286
SHA1 c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256 d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512 ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

MD5 ce144d2aab3bf213af693d4e18f87a59
SHA1 df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256 d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA512 0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

C:\Program Files\BlueStacks_nxt\7zr.exe

MD5 fbaba140f30a11e5ff4f97d921de6d45
SHA1 d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA256 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512 cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

C:\Users\Admin\AppData\Local\Temp\nszC6A4.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

MD5 69457c9a9974ab32264fed54bceb4b1f
SHA1 7b00b9860fbb9fde7edaf6cb35a7070f79554dec
SHA256 115ca4c71da3c6f6cdf74247fedec9830b7e9490ec6358d77a301be27bf69e5e
SHA512 ccfc6597b2a34923f9f2162a4ab743d56486d169802772dd8ca87dad9c1e04d75330a960eac380e5af5e1db9a9e44b66221df1f583b0425dd4a91d0fea1d71dd

C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

MD5 4be4afddacc41422970834d7a0d4d1d7
SHA1 82ffe2b1d535f2550ab63cbab450a6a3b6b034f5
SHA256 24552a2080acfe8022dcb0afbe73896a4b781bfa49007e2fa6022f368265565e
SHA512 228b79f571b459f7a968e79db2d2c78da103db5956f19d7e13e167bd3a4783d8f967dd055df73076e362194be67a2bdd25dd4af99e22d59ab451c5c767c2572a

C:\Program Files\BlueStacks_nxt\ProductLogo.ico

MD5 169706218f98a42594a8c5c5a65771fe
SHA1 b8ded94180212578d86a031eb71ef93dcffe1a26
SHA256 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA512 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

C:\Users\Admin\AppData\Local\Temp\nszC6A4.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Program Files\BlueStacks_nxt\resources\icudtl.dat

MD5 03205e5952ea7b803839ecfe3bb000d6
SHA1 74146e76e31fd1e75ae1c34fa8194bc291b34a40
SHA256 8364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3
SHA512 badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192

C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak

MD5 8615f18dea34c152e8aeb8f4e01fd17b
SHA1 032b7bab09943cc5c8a380b0aba29652d5539153
SHA256 e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6
SHA512 2a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak

MD5 154217351d415b13dca71e28727902c4
SHA1 096a1640b5e83a7b20afdfa7cfe2507b4128e0a5
SHA256 da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf
SHA512 f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb

C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak

MD5 de5e6a97c80d698256369b10255ce45d
SHA1 8d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc
SHA256 669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13
SHA512 5609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak

MD5 01cc5b8a05a435482dc692baef032d3a
SHA1 229a4d1c9aea9111bb46895d096dfcaf488b8d4a
SHA256 53d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835
SHA512 082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak

MD5 26afc001a706679413f5deaa3c6603e4
SHA1 c9d780d930775cfc17cf9160712a2e90ca55106e
SHA256 4c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc
SHA512 743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak

MD5 5eba7377be8e34dd03db766300039ed2
SHA1 b3460fa050b93454b9e05586d86d7cf67881f557
SHA256 94157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94
SHA512 7d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak

MD5 c0bb82986abc67281d8067e5f20625c7
SHA1 e7cc8888dd95d9edf226893f0e4c12e572bf6bf8
SHA256 217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50
SHA512 80f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak

MD5 a2c61a98fe7407ded9ece126c4c9d057
SHA1 c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69
SHA256 4d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8
SHA512 7522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bn.pak

MD5 304432105fbe28b1625f0d7b6be3e7bf
SHA1 2d5474854bc0bca3f3ead1b9199d76ef533f0850
SHA256 ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e
SHA512 8ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak

MD5 143ffa8ca3ac0e6dca9a8b3e8ba3f3f5
SHA1 6186940350b3fdd936f6ce41f3091bbca397e9a2
SHA256 3f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2
SHA512 a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\am.pak

MD5 2a8ca8692a60fe8d33d51d99c9084a9d
SHA1 919d8adacce240fd394d6faf2aa41d2e5b8460ec
SHA256 73f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44
SHA512 080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea

C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak

MD5 aed2766cd70116ab1e0c430001a30b8f
SHA1 a06c62b35c333412dd61c493d6a6520a8c04537c
SHA256 4ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389
SHA512 a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak

MD5 06da37b66f4dbbe8c5ae1bd7e4addc99
SHA1 ac190bbb14b76d14143dcc088f460d1be2ba2886
SHA256 60f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0
SHA512 c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es-419.pak

MD5 f21b0783d062082ee46aa573eff68df0
SHA1 84f62d15eb68858245e56bef0cf317e273918044
SHA256 859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe
SHA512 d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak

MD5 73e6f20f0c75a9beb72798167f8c6f91
SHA1 d01932a69626d23e8ce9e9bc240f6d99dd155fb4
SHA256 ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf
SHA512 98966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak

MD5 61838bdf13a1d60545d15e9cc49866be
SHA1 64bec7fe42caf53f192b58e4e5b068e56d835cec
SHA256 9a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1
SHA512 7e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak

MD5 3c70ba470c8503cae9407540d070f506
SHA1 0b841228d28e8605c37df79f1a3714402d2b18df
SHA256 0770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e
SHA512 ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lv.pak

MD5 17b9ff8c299fff962e9b9bc0d5f2f15b
SHA1 6224d9bf81c4771033e14477da0a652336326036
SHA256 7e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0
SHA512 8bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ms.pak

MD5 901240b9cb3a7a635c2d56d6ff1b3966
SHA1 c1fdd4ccf213bf1822696061d64930f47a017cdf
SHA256 a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e
SHA512 2b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak

MD5 b37b81799942fc174e05b6aac03ea4c3
SHA1 788d6d10c82614465628f79bbe1f2346839a582e
SHA256 579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319
SHA512 31bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sl.pak

MD5 4138dc422fc6a5afb1a855ffe0caba32
SHA1 8b23cb3c91167908e181eb0ce9d730ca5b3179e7
SHA256 7904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b
SHA512 a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak

MD5 079fbd6adf806504199dd0b05c87c697
SHA1 4fec8c3bae9b48f92e35b609fc3977eda5de2039
SHA256 ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2
SHA512 722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak

MD5 1a505f3f30511c2b05eb29ee0e0bff26
SHA1 08d4002d32dc5ea8a9476495786f5d5c1bae7ea6
SHA256 27627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0
SHA512 d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak

MD5 c709c2e92d4c0a1a2fd30f5350bed636
SHA1 31c8463300bdfe0238f167451a1adffc4fa899a3
SHA256 37a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e
SHA512 38f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak

MD5 54415acf2d54c65718c99ed78b4bf3e5
SHA1 311937480b01256a1e50d0556df9b4f9f9a46424
SHA256 3648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a
SHA512 4eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9

C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

MD5 b09525b48c0023f893d6b64d06add4b1
SHA1 10ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256 caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512 c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

MD5 35dbabb7d08aae38d44bb326ccd10eea
SHA1 193c8df23ae63107227a1faa03658c91635af058
SHA256 c5ad750e534b3a1ef73e2b8b8aacdb5f591a72c366583f9ae1ca8138eae5979c
SHA512 75aa4b75b3a9d76d0306360c6dbb49b86a7ecf7c88d8f31f28918f5a93d623e578f8e5faeae95c11b82d17f161834f65970088fbd293a12fca9f9322b5fad3af

C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

MD5 0d168bc28c89f0fd4bf3b7f2d9c65eda
SHA1 733690096aabff107a7b9a8d8a45c7a68aa9335c
SHA256 9a5032c277e2af24fc596e1d2f535dd8873530cdf055ef7b9a27b84a1e4bce88
SHA512 bb1e632e0c6aef6915ff178e9fb2b71173d1a3a00bfb294b59933e2d84f05642001d4201e42a2cbb7716cb4df039e4acc9ee24f91c784a48521039a2deedcdc1

C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

MD5 fcbbad664f3eb4d57764f73eb0765942
SHA1 cfb0601f07f12a78993d701168aa93109fa891c0
SHA256 401a8d87d3057dc1b2dae6338c93ad8f5a5f7de628ea2d5fb94ab781f9d1a776
SHA512 aa077fa7ddf698ba5e619239025775ce81972af515d82d1211039e0c65e5a30524ced698dcc1b7a1e1c943992ab6ea8fd5d28dbdd5abf57ba0c246360e21f08d

C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

MD5 3aeda0b485130bfc9dedff4b8fef1961
SHA1 ace8100a277ea0f8e06902d68c1c39061a44fb26
SHA256 3c465dcb8fe7197b0862637548d7c383574965666dd8305f5eb617444e9acfc1
SHA512 319cad94c82fd188103a0178a4aaa6433d57358a7fc99348522336fdc786946f2b08fd405fd104573d7aeab62248577a7ff6a27ad35cff50790d0eada45440f4

C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

MD5 19402422b374354b36b182df60197aba
SHA1 75b68c2f7f9ef4730f0fe738f9477c543feb46c8
SHA256 d1de34e55cdb1a8abf9ad3bdf0c875b8f14825ac25df5526da98ced87588aefb
SHA512 c2f6991d15bc870a0998bfa74a939c66131f2d17485b3771e41fe876cee02050ece0c8a25cbca6720254ea8e25542fcab6ad569864a8443b5e3a0e266282490f

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

MD5 c14b9c7f08c0e2a57ccfee06a7c5a05d
SHA1 c630e7233059006b1213807f8dfcb38295dde240
SHA256 b61b82dbc223e35f7451fb848978a79703b345c7a7728d60d59fb95171e11969
SHA512 15e3fe85a248c065429cfb52b5fa3f454d2440ac39612452974c7fe1fc890316c57a2b6c4137de36b3642276aa6791345e1b41af6628e80c4e7a3c6247dff6d5

C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

MD5 35c829fe17dd39d16ed9ed9d3c3a423f
SHA1 e2f498fb2ebd74647eea70edbe29d49dec3856f0
SHA256 a3a3183e5f85ef1d84f386deab1052871fe8ee1cfba2800cd6443459e3609346
SHA512 4a9db0e592d62cfec1ddf7fb1a67d2ed9338af50edce9582321d9ca798548cd65c53b810631cd862791c925cae2075a10f3183b02b5851cdb2cb2f54db229698

C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

MD5 1d824987054f6109e386a2af3a2930ff
SHA1 f0103827d00e343161463cbb436a751135ab7c68
SHA256 a5c2f911ae2e891f152d08203e8e99e78735f09de4b7421fc6cf343987b48e34
SHA512 df45abf4e8b24683eb3314478bfa9820caa83799e7d685473ec963bc9f07d72e763eab14a80aaaa7e1e44232223efb43cc6e9ec777c028516e7831694994d8f2

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

MD5 21af008aed42c6654b0a6eadd1fca98a
SHA1 9f1dd90654b10a1d56c0b7345de9226deafeac52
SHA256 7f9e11fcb9567e432cacc5ec0b399fcbfedcdb0838f21ee84641cc4eb7794155
SHA512 da2bcca88b89caff19edfc38cae25fb8aaf1805dc80c28b0e1a51f5de64ce7b5c671bceb2ceb897969906fe80477e47efb9df7cd377d62f8aa3ae9ae1200d440

C:\Users\Admin\AppData\Local\Temp\nszC6A4.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nszC6A4.tmp\Registry.dll

MD5 2b7007ed0262ca02ef69d8990815cbeb
SHA1 2eabe4f755213666dbbbde024a5235ddde02b47f
SHA256 0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512 aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

C:\Users\Admin\AppData\Local\Temp\nszC6A4.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nszC6A4.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

MD5 da7a6902f658d02dffe24e7b29ae25a8
SHA1 2942cfd645e7de104aadb45d65976c073dd54a64
SHA256 0c28d5d9178465b76fab0f5d736962095ecd333d7b2b1775c31becd38aded023
SHA512 1079fc5da14e53157486609ec2faac6c88272c74c2acaa8a02f7cc698cd078f118bbdc9d979a40b183055dfd3104d1792d530b9bdeff4b1d1f12131a7f3253e4

C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

MD5 ea49ac9605d0ddbff07b0e19d6d34517
SHA1 c17fef2467a8973db193de95f7b66e6f511529d5
SHA256 408c2ff8977fd6fba4ece99f547182394ab62d22401454344f48ea085707ebbf
SHA512 e45a6d19a570f496a30eb2b39991a04743d491ff85b29390e52be2a5e146f7819c2197cd0b0357120a0c5ad9c792059584e6c4fe8f8098ecaf435aad6a44731f

C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

MD5 623b1aacfbaf85b09a4e0c180e9ef178
SHA1 e41bfa201d627d093bf446eb39fab268528e5e32
SHA256 ce6bf3cbca52a1ae369199ee190272f6842a45e64da9ab6cac8b48842aa099ca
SHA512 83b91c326561b725483fa703d7bfc66a3eafc55a25772bb22251bc88869a30bf11c2c5aeabd5a07da8fd7f2d2b93ab2ba47edaf025f8055f6ebf07df99f9b77e

C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

MD5 6b1fc0b4e861692c83e8f36848e7faad
SHA1 79e064008b2c2bcc63146664cdf1a63f1d5ab58f
SHA256 f5684f68c50b3f8f5c1ce0e1266e003f2099d3ae401c848b2cd30260a998feed
SHA512 0a15eded536ea683c4493af1f45f8bcfdc24ae69747386a6747dfb2bd3475f88f4d15d2ac77515eb5ce75b65870f2fe2337bdef0fae5758edd72684683a9180d

C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

MD5 5f5cacda94bb2384f9d6bdece58ac526
SHA1 c10f095a312e623b79c42ab7ca3f48130b348d62
SHA256 2b698fd5d6f4fd959c4a24b47b02c2e1a9f51a72a66cfab3ed72d8f667d221cd
SHA512 1ca9373b2eff0620d02249ab82fe46644f6452db36a2b61334cc258d2e9910200c33543f7794e0bdc69761f5b86aedacca0fe6491293ecd1df2992eaa5aaae99

C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

MD5 a9ce4896a111f0ea2149e25ddfcf27aa
SHA1 5f242727905a3f30263793e3095fff8fe7a3a0f2
SHA256 941d60fe4e4f1a66166e8fe75f885ab1086a4037a4627004e391d7493e3e8911
SHA512 05d0f13214d60fc4533652f5b1dc161f3f14c8b194d74e45a34412f97267fd69b7b19f1f647f348ebfbbd2551c4060e36e746a6a79963db7e78cd95c92dc4d3e

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

MD5 9fb07e066cc2f213a64d35a97a8c2922
SHA1 a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA256 65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA512 81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

MD5 7a7d65e41e785a7a848f0b021cc0c0d7
SHA1 9d61357d9aaec43adb92b95dd63103c566aa2083
SHA256 e02e378326e351980325f9cbf4e27327ac03aabf85286e7636c99220da950806
SHA512 8f67d2e4ef55abffdc1062997cab7a44cc81e42b16174d88dad41939992903b7a9ce9c7775db10835d30cf4aaecfac7c8d6f2cd1611f17e40d3c66ee0fb928cb

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

MD5 22efccf38e15df945962ac85ac3aa3b7
SHA1 b94a8615dc92982e1637680446896080f97c2564
SHA256 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA512 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

MD5 47ff3e4cc15b8c4a07e3ceb6cb619b62
SHA1 0318e54c613b8ff00f54d843e90ef88310c1a96f
SHA256 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA512 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak

MD5 561050669f78bd04d0431de3eb98d160
SHA1 028a78bbaabe19ac338648ac95a8b944254e8d3d
SHA256 922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333
SHA512 2df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak

MD5 e21f45d7685b75be483013e1e8dc8237
SHA1 8f4cdd3dea580d7671117e9c49891212ab950686
SHA256 dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3
SHA512 b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak

MD5 433dbeabe2d4c70255f1685ece8fb97b
SHA1 966c16c364b4f3ae6ccb8c5019c0b6bca75b593e
SHA256 dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942
SHA512 b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak

MD5 e99bc71c3caeae580ef7060155ddd0ff
SHA1 d6986e1fe1dd6c110b05f44f84e956ecac188b97
SHA256 4282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8
SHA512 6bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sv.pak

MD5 f2bf46d97477489d80659d0be53d9d05
SHA1 a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c
SHA256 196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32
SHA512 d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak

MD5 97ef86fc3b66a0a3aa4e1be4555369f0
SHA1 bbe68527d0c4c9e6624920d548c0ab0c09dbac88
SHA256 d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb
SHA512 fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ta.pak

MD5 48554783d89587fe96d94cc1afb58248
SHA1 be0843e27225df82cbb27f017acb7bac27c92c5e
SHA256 df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896
SHA512 2ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak

MD5 3d28ef9e25426b08409db5379cfd55e3
SHA1 25fefc87d6233da5b287dbbf04a63c34cb9c5571
SHA256 b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057
SHA512 210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak

MD5 14ee5c1a362e753a5c44b11343430fdb
SHA1 b87e4750d5319c5c695f1581feaacdd71abe0cda
SHA256 ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1
SHA512 ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak

MD5 4792f1e39c6875d8aa5e911f16ed638d
SHA1 c04ecb497096be4173f9aae3f0ae6accc8324156
SHA256 a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e
SHA512 5fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak

MD5 41ad390a8cc5fbd5b1f352e838b42ce1
SHA1 9efa8f2e5a0312e83f737929765a86112a874272
SHA256 979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0
SHA512 1beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nl.pak

MD5 884f7faf0e79d04c6536506d6f95eab1
SHA1 39334913aa447b35012a8d7100e7f91e805c7e9d
SHA256 b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f
SHA512 77a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak

MD5 5c901b43287edab65f05464dbad3e301
SHA1 d76444677a7eeafdfe0bc27a0ff892f028144d67
SHA256 0bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed
SHA512 46fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak

MD5 0db54f0f25ec3a19dff541ba223bd5b4
SHA1 dc1f0c9b1c2578490af5923df179a92814c04904
SHA256 ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69
SHA512 96060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak

MD5 f40f6817a07049b8589310b7dba04534
SHA1 93afea27adbd165aa1e3261cb67d5ab719ea02db
SHA256 5429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3
SHA512 450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak

MD5 df01088842b8c05568fce402a69bb595
SHA1 4b97c244ee85efb9c35b69f65f64d9cfcb2d25aa
SHA256 9f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579
SHA512 b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak

MD5 7769b6273b1519ea1a8ac9f059e78c93
SHA1 6d8807f4af484041bac83d5d8873d639d5f07d0e
SHA256 e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a
SHA512 9c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak

MD5 2a0bc83152bfbc0f365d3a85fd1e1832
SHA1 9b972a8e823ff6f161ca2aadac11043b054b3146
SHA256 ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f
SHA512 2c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak

MD5 2e9a1e91aa149308dde43e0b357e1c8a
SHA1 d657811a3b3dabe519fb7b5fad46977674234f51
SHA256 2a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1
SHA512 d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak

MD5 9705a8fcead214aa619f1be816135ea0
SHA1 f10d22cdbf5d7960aeaa13c98cf8f7de41034760
SHA256 c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320
SHA512 6d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak

MD5 56c13472d7efdb4466d5189af2d06ce6
SHA1 84025c148e10e1885125893dd286d0f9e751e101
SHA256 7114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4
SHA512 fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak

MD5 fc2cd7f4af1976579f6b0eae3ab2d874
SHA1 c4e434b9d0d95a505947c97d396b05c9a18f3983
SHA256 48b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef
SHA512 9e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hr.pak

MD5 a621446d9e94b0d47935bf3310c385b5
SHA1 5cb954846bd2a2c477cb28b99545cd9bc0fbe990
SHA256 93f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842
SHA512 80c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\he.pak

MD5 8c02d30c68c4abb4b1a7c2493d8fde51
SHA1 2cbe2f537d59971296f2180d146d9c2905d2a76f
SHA256 e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a
SHA512 9155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak

MD5 e245057bea15117bed15bc3ee2911d74
SHA1 c8e2d5f85a974fa989c0d0f64121d2836a13bb84
SHA256 4ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5
SHA512 a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak

MD5 75575474726cc8d98def90e0dbddcb0f
SHA1 3e62e3b73bab73597a01c3ece5871c64b142391f
SHA256 d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94
SHA512 37e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak

MD5 f5257136ed900e1715979c9a96de292d
SHA1 217cbe02931f6466bdbdb27c85c876b851610b23
SHA256 98a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90
SHA512 c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fa.pak

MD5 f913ea1db8c9c99bff701ceeaf8138f3
SHA1 6bef3ff865b3a95dc1900ba3c94c5bf556c695a1
SHA256 b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c
SHA512 edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak

MD5 03265b1a7f6a996513067866d55f3bcb
SHA1 427eecd7810cf24c8758dc9beae18afc9d8969a0
SHA256 516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da
SHA512 d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak

MD5 f55358f58eb17b4bc6abb19592c1aba7
SHA1 6dc1d99757bc5a447b9761a4a0c90a2be521c6b0
SHA256 cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1
SHA512 d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-US.pak

MD5 1e958f35257ef1e2e5115d860602a593
SHA1 688afb781ce3c4c9a55fee9696145260d2ce1400
SHA256 4a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37
SHA512 a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27

C:\Users\Admin\AppData\Roaming\bluestacks-services\Local Storage\leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/1848-15419-0x00007FFC77D50000-0x00007FFC77D51000-memory.dmp

memory/1848-15418-0x00007FFC77FC0000-0x00007FFC77FC1000-memory.dmp

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-8894421256a12ea6

MD5 487fc6e243eef27429beb166a15a3ec1
SHA1 b488193e077b4a6282b4b14eef9367989a6920b4
SHA256 90df765357f11a96139ffde8addbabe6d5842587b3158dcd3d6667ad2c96beb5
SHA512 31d16830461207750e7f958cc73f761f8649276e71b420db3d17cd67cbb4ac76d0c595073638776c803568920160a293d708c63440f523fe81326ffb78dfea3b

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 b71d1813b629f50a0ba5706d71ec9e9f
SHA1 af6e3c808151e1d20610880fe9790e11424183b4
SHA256 c41b2b682f5497a3775278e17e5fabf849b555a66a4e86d31babeb027c9597d0
SHA512 e096f5c8f2ad2f5738c53ed0ee066deb96072dd71449261cea996f1506fd1f44ebc58c198c64eaad926438f754cb9e3bb2d980e6f1474333cfff8eaf0bd5c2db

memory/1848-15491-0x00000166713D0000-0x00000166714BA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2mbdfvbn.l15\BlueStacks-Installer_5.21.210.1023.log

MD5 ae62acf0c62192d60b6851cc2097263b
SHA1 c9fe80e98c455c44542df2a47624fbe17d790eb3
SHA256 1aaa75f7e60f649155fc34ad293f4d8746293bb0683eefdac165db1fc882adb4
SHA512 40e6f4e49c8bf7115b16e571f4937d972034bcf870833ce97f446dc1d436bc841ccf69d1faf0130f612ec5c506a229419b19cec4e0ae8f225eeac1a6fd8c3e37

memory/5208-15512-0x0000000020F00000-0x0000000020F08000-memory.dmp

memory/5208-15513-0x00000000215A0000-0x00000000215C2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 caaa5222d179a24ca5540080c7018b99
SHA1 1f415a7a73a12a4c16f25709504f4e4e4beae9dd
SHA256 b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf
SHA512 71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 84c78b5b597d8bdc1df906ee09e5bf7b
SHA1 6b1904e7436415295f90fb7892aa7ffcd2fcc2c0
SHA256 12b4b447bd916d97ca96b673300abfab61a54e9fb75355df76930f0ee849fc65
SHA512 83bd69f948f3c807aca5468a6047ef9289be36083e2ecc0afba1bf1972a031131d08053b2de1832ee83c91459b8e3dc5efcc48ebc736afaac646ef2bd7da9d48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71505e4e1f8882e8c24242baa05af668
SHA1 adfaa4e1c58e4c9832d62cace2a7484a70b4dd39
SHA256 6b6d4952718f2cbf7a0de99cf6b511d789a5391838c5f5002d3b30098b784873
SHA512 1e11fe3579ab1168ba85043da8e12640743b789a98808ce5cfb8d643c0cd41856c2a8512e83e6688616ea85963be6795cb6e5aff65ce54afb71b4f3f20b13215

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7f100f4b1ca23d596f54d661ebf198e5
SHA1 eae7033508a63360cf72500be579691fc0de6b8f
SHA256 64956d75e53fba86d138b66dbe85626edbf35b29be6a147fd80eac63f2b8fc44
SHA512 da3f1bc22ede80345f4d9c655d5a86ad70c6ba9c69caee40dca13dfb9fca8d99079e1be3cb222878b6dfd5bb7e8620e5d5ad32c18d690d1b78c701697837859b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 6edce8f9beec6d170da2d1830e25647f
SHA1 79424f50152196789796a62822b0224f9cc36421
SHA256 0218f648781361570009743826c3c48140ccb02da9c755164693d9f9eb0f10c8
SHA512 5f848e6224bdb050847a5531ed9423a819d959f238e717b563be7a6297e1abb6bfd11f506d00e1ce97d338e0d06df28339cb6ad1ada4f0674ad1b0ed5a62605b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 dd88ab23b63312097033a5a33105b140
SHA1 44357e37b4429eade84188d61f3ab0e87319d0c1
SHA256 bea500aa0d507016a7d4ec20ea7c13eea5bffc49cf645ea2dca126529fa96757
SHA512 14e001db7a9e20f8578b36cc762497c9b5f94e6d5e4b3302a2cac640d23375a54dbd610cc0fd84170afd30481f1c8c2f14328e5e55b362d0c6caaa8e0debe42b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 5c49b87c49583889e2563d612a609115
SHA1 732315eda57a2f8a32d2d3e449722501ab4573c5
SHA256 18fae5a62412ebe3386e6425d0e2dc43e63b71cec9fac09c6ece2888fa357ce6
SHA512 3a3b7e3c6f9f344711502692b4c3affb1a74127ddd0bb0af0a1ad4b93d97211eb37f25e606616f02f7450bd6ae496c3d8cbf069b4fabfe909dfbb8b631effb80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 cfd2fdfedddc08d2932df2d665e36745
SHA1 b3ddd2ea3ff672a4f0babe49ed656b33800e79d0
SHA256 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536
SHA512 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 345678c7b07498ce68e2e2fa13304646
SHA1 0ed7de2d587429e8c1247e5598c97d5c8c3c73d9
SHA256 936fb600a931283084561f117f5e1940133d83936958ab4a54287b1d7dd3b46a
SHA512 3e671299f5bbcf451021fff53da51277e3d078e2e5d63546bd941da83403cc95473bc559065b34c01aa9461919fc1ff212bbefaf1efac62d82b3d45ec0d5e708

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6cc7779ce799439ac649499546d270cc
SHA1 73dc33b4f1bea58b7eb4c5e6090b289e45b98b14
SHA256 69c0de40b536aa65dc765da450a94b131d337becd5a6eea11c72c3ebdd1dd506
SHA512 46daa67038150f9dfe683ded71930e4753ee5f77c21f44d5b05df2a1e2233a78456b3f7041780ceb508f29c86c42b31622a633d43ba44ac3f0fee2b19b1aa2ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 43a8b734e79899a7ae4de535702a90f0
SHA1 a06f5a0c999445541fe27edd2e7ffadea0ba2600
SHA256 fa82f40c73354bd2cac552ed7d578bd62e208bd39293f58145a9d36755fc4859
SHA512 62219fb78ac8f9f899cbefe78ff512d7c8210ff954e18b3b540562c5c09edd1e95b42662cfca094f94c1ccb9a9615b5eca4ccde6a77ffc66db1e8039c7e40de4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 37c7a38bdf4b2c563131cf238a788564
SHA1 9b0cb5c3aacdb2a02bae081f28530f182cfeb15a
SHA256 3bc79a543bd516199b468b539f285cc3a81dbe4165663e3aa9d5d8710fd6a621
SHA512 b7d65b0867ea02d337fb15ebe070719e786ade4ee292ad6ffe90d2e8f74c3b3ea6d65b35c407fe81184911dfa93668f969efd79f8f90b5d5c6f58facbc034afb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ec57d21470c3be07e363c6f729feb2ed
SHA1 d7fe191ac72e0fe1e20c666dfc06e9b7dd91fdce
SHA256 623dc5667496cbd6086617109e19c38487ec8878a399832c16ca829be324eaf0
SHA512 43aea135e5c2d371bbe4d38b305eaf556c40be6424e93ab05d0f90d92b7b4cfc1236a2bb2b49ead64d63b7d3c414c1f1507896dd04b470d3f971000cc0d63b24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bfc6a1384eaab370360b835bb05550ae
SHA1 60d003451f9341b422d8e859b4f8c8eae652dd8c
SHA256 db874a499dcb2062690e5ae2efa4dc3354e26f857228f16d9a19845f5d58449d
SHA512 d737d643a687cdca76e99b9afb812583da6dc197ef950297e9d3636847df0dc5491c458fa3034b5426e533051ecfee8a4a5100a50e56fb047712ed33548c58b2

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

MD5 d55f480fe907d8e329a98cedbb46e92f
SHA1 b7ccc8196410296514d2703589050f5f340e1519
SHA256 406688b3627405f4d3d66e62da1ff58423898ac73c6d38a97c7e323563f71cb6
SHA512 262453162d9b6503219298da2c917c2179be2fed263692a852c87a2c96284663bfe9f68f6af5d35fa89836796e2fecfd5fb8761a7a4c1782ea23990f40d0f613

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State~RFe5e0f40.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\setpath_hover.png

MD5 b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1 012b5879e879fa25bf48e4bb62c35ee829eea571
SHA256 2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA512 4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\setpath_click.png

MD5 624e84e9b49bc150043aa9fb0eed2822
SHA1 f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256 c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512 288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\minimize_progress_hover.png

MD5 fc2a0361a751177d3aacdba9c31b2682
SHA1 0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA256 1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512 a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\link.png

MD5 ae2c73ee43d722c327c7fb6fdbee905c
SHA1 96f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA256 28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA512 5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\installer_upgrade_image_bg.jpg

MD5 3bb85d2c8cef28c89a2d07adf931e955
SHA1 596d13e7742455afce8a534382b28cfd2f6aa185
SHA256 b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA512 7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\installer_minimize_hover.png

MD5 18fb6465b029206477d0222e8da6fdf9
SHA1 b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA256 57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512 f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\installer_minimize_click.png

MD5 08fc39a69fa17e0f529915919cea1633
SHA1 2966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA256 2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512 f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\exit_close_hover.png

MD5 92c2bf222d6ab81fe7a0c072bf31c107
SHA1 8853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256 bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA512 6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\error_icon_72.png

MD5 4aaf83d2b3fd56ad806708e60474df39
SHA1 144777a265879b69fadea3eb3ac6939458918578
SHA256 84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA512 3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\error_icon.png

MD5 dab2c4538a83422b5deae0e0de9b7a30
SHA1 78c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256 666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA512 24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\custom_hover.png

MD5 f3e05f142e742e25a98d4f5af3ae0623
SHA1 88363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256 d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA512 5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\Assets\custom_click.png

MD5 ced07c9db242115400e159d9a02bb7b7
SHA1 6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA256 1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512 d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 91fc0db872cb4ba24de1941fa3fd4190
SHA1 2c054ba2dd94687e492e0b8eca89a4bbd04d0bfc
SHA256 78602eb3c6f60e3f47536cfd8138466e5fabdd7b123024f405b38c0c3bf5313c
SHA512 b8db4e134af3fafc192e86514386c620eda1d5ff0b11eccb966aadd85f782499500e756696025e9a35ab87844ee1f63eca72f00a7ea8e4b4cd81a7083e81003c

C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.21.210.1023.log_bst

MD5 3f3a4927a4c46058dff16c0fe467c649
SHA1 70ca2bebd44bc6a62543ab9139889155382ddf58
SHA256 984b767fba7e9dc38ac09d2f48b07a1de7b92e8b9fad1f89b55647d5195bb62d
SHA512 df3c65c756b93688233cc32c6cf2e816e1098c2b3abfaf8acf264e019b50e1e76501785ccdbbc66e822ddbbf2254558fe8fba59eab2b875d14cd465b9c750b32

memory/9148-16095-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16096-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16097-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16101-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16104-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16107-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16106-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16105-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16103-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

memory/9148-16102-0x000001A793BE0000-0x000001A793BE1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 3dda883b89b1f31dd1e8e0be2d4250e9
SHA1 ff69000e8307afcb2b4db7d6117b47975f9de06a
SHA256 e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b
SHA512 25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 654b495cf8877c0a6c9423793216dd88
SHA1 17526245d961301ad40c738f6b6d16a2afe6ac8a
SHA256 e6e0c443422b16eb462ce281ca745a2e8cd58d266c10bec39a12dbd45b92af69
SHA512 0c319332fa505d54972ec8046e209f109c52dde42ae303d862856e2107e7f16ed5332375acc5a9c1272d940dc7be3576e57b833e3746ffbbbf9b8c71ec3482f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 443826e43ae39d6b6d996ec061398f84
SHA1 a996ce34b3bac4eb02a8c113b1105de8f17f0868
SHA256 87fb32803b0681980e6fcf71b9d20c00239b622beffa02de6184e8b15d7b9b51
SHA512 6875d9dfaa2d4b0fcced2350ac95aac477e9289ffc4e192f8a3d20eda57020d31d6feff74b5f4978f1e5f6373b13d81fd041ad95978c1a20c867710bb1acd477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 296107fd9e4b08da2a5eb5381e62e59c
SHA1 0fab647f77db64c6284dd6335f6f01696217fb88
SHA256 9a75f06abaf3c4db9cb4110d32c18ba80356efafd79e6f6255aefc31054ff133
SHA512 519f5c12f414e6321e63c5c2992b4eb89131334543310513ffefcb9b4cfdc9cbf9adc48854dd40daa8475b238ec4a1b1d6f31d666e5edb773f433582777bea43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 20adea22eec53811cc6bb3e6fb9648a1
SHA1 89ccfb989609bb343bff0f260fbc28e78b0ae16a
SHA256 d1b7f4208210049da4739648765e40bb8d8f0a7fd4e942df1d736e803739f5ea
SHA512 24342b4e909b88faa4b028aba8428bf4b3fac6203a61e74890a4c3439817444826c6d4785f0cef484b73c6116a9913c2980be3c59abaf2b3711942e1e53e6b55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0121768-2b00-42ca-ad5d-4391e237ea68\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 f28938e450beb8019cfbe1d5f002cdee
SHA1 aaf091b45e04f04ff09363cebcf5af68429d081c
SHA256 f278dfebf5d58cf523e6d65309c4ef7746ac1a2a3fc43fda23433f81617b49c1
SHA512 f847474285f8ed7cbc794037b2f383d31f7a1cee6bf689688dccb2cf96324d953562521b5ea714e4dd52cc214202167f922ac7643c3d214e9f93e3292b27f068

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5ecd9e.TMP

MD5 1041d90245f44200792c157e80fff879
SHA1 94a2f79335f1afdbee62fde8247c86955f62f1ff
SHA256 1faa7e1be82bb9273a57fb3de7cc809f3f9a105025ec200c0497f397c422a23f
SHA512 6b447e247ae7ad867cca37da48872fe0d1ff0a8ec0c6fcb38c36e7a6d6ab46dc80df32af032f2c9767c74590337d543e041e802586615ef8e98f25b6a1071aea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 47a33e5cd941ceba6d22a13597658ccf
SHA1 92f8c6709019842f6d3a0d20f4c4700fbab597ce
SHA256 3c1831451ae3a9eee645b7bdf4649da2dc56300a2ca2c7e77fa3932e754a99a7
SHA512 ca778cd4030677c1e65de67931b9dd84a2d2130108a08ac93e8826794dacc2e51e3a58fd56dbc9a5abe42e9b543e0167e78f4f230211e235caf0bf38152cb3ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 bd62a36585291603009924e7f1738cbd
SHA1 2d44e0e5690e75d8471cd2057e653f147abe8f3e
SHA256 1423b4cfd6210689ddcb674e05435df36f9249879090c915c0b129d285dc6967
SHA512 c9cef00dfb76e99d4e9a54779401e257b4bb04f2c707724b0be567d836ff1de4fbbf51d7adfe3e0e97458b367c598eaeb0cb7c49b5aa05e4009419fcb28d57ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae4e396912baaae6fde28376e06ff531
SHA1 09a02fac081273abcfa74ebdbf7c252c49652bfe
SHA256 ef0ee8b6b4399c0115860d4834e1f67bc0aeb6eb0bc8339ce5ef68caa655d7c0
SHA512 ab20b77a634efddec759fe34ff30f7bc1da5480364e3411c31f67d376d0fe0570accdeb39d875cfae89ac64ff38631cf5c52028bca53e8597898df2875afa265

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03c9ea25f545592dfe97f6c5d2d9fcf1
SHA1 c65e778516b7cfbf212d03b1e4d41c09dd13791f
SHA256 ce2ae238374c95d2d26cc93ab7e3dfe1b394b5c0fb79880323ff4ed51e689472
SHA512 764cf1b3f602ba13022d06c65b839c8c912a8f09463cc006da34e82e8b67afb104efdb50dbe41e2bdffed1fc2a50a239548add207481d111918f6c84e2f5d785

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ef06710f026332f4cb28bc3eb2e3540c
SHA1 2e55865fa5f58f822846ceabdcc01cd901f88fb0
SHA256 a3c4acf7ab56299d7f31c3d9f43e141afa8430ea30a745e08fc64bd01cf66f8d
SHA512 d6c63e295d5b5cf4680e041b69755b7fa37d16e47804d52a3b0ba2ccd26ce2870d4defc059e502251ad7ad3190b14768d59b0454f8a6afb4b93b15a683886823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9bd2a050b64f465ec12d52047c403dba
SHA1 a7e2c4a0ae5a43d8c4532788f726ebd5b9e0e062
SHA256 eac094035110875efb8526bbf56ca71c65e5daed0bf2227015a21fccfaf3337a
SHA512 ff7911036648245eee77b38d451187ead85b4fc1946d49ecdfed4d4a0389325be6b8b17c25c2febc9d555307635b512874ac68d3d92da5a44363178f994d954f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 81c92a55774349bcf89247c03ad4d200
SHA1 d873cc12c048483f32893ce857904708d22e0a83
SHA256 9081f8405cfb7bf660e5281f9358f8c4eee85a6171565fd37289682a0ec2a434
SHA512 5129a95949eb1d523c7a842d5c9d89b8bd115013fa86868f317364203d10fe6c3f9fde51409a709a16c7d303c5cf5ae3cdb1cde6057bfb3a7507caa87d6e9eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 58589003a8844f592c245a2e1f230b4b
SHA1 ea26abd83749d395186602cb84865c6d02062675
SHA256 6824a1a00fb666c43608a41a28437bcc2ceeaf9e6764f2046eb1c4d0694133a3
SHA512 6995fd85ef24dc64789a3fe83509a91be6490c18f3be2ea42ae5a2219160f2066114741f816feadb3cde8ffbcad61ce53b998388c1e9926776f1544d01acd1ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a66c52851ffabb29ba39b42becc44437
SHA1 9cece3996498fee11132481bec3968d460c43d4e
SHA256 445cee6cc20d38eee4dbd2dd6255724c82a7ed53594f517d8257ed2cb1cbd709
SHA512 27a0756f49141e075a06a8f8592ff62d71ac9fcfdbe695c6e6e245e7e38d5527f6dd58dd0dfe22ee3a475852c695f08680aa83db8537dc8fb3a294e4bf399ba0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d2c503ac593e3fe04fea08930898dcf
SHA1 962a4aad8cf69c822bac749875d0c36acd510a93
SHA256 baf7d8cd5af65bc2482cf19d32a69480c0bb11f9bd28a5b8079b4a9ffb81bd81
SHA512 f634799270603032c2e17aa35416341cf9197cec5dca5d7d09eff3f735af613e0ffd4c6ee3e69653cebe086639cdf045e6271f6b401ac412ece1f4b5959fe27a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 39e184d177d280f01b2b26430654af0e
SHA1 5301905df34e8888da7f272830de022d44b31e1c
SHA256 d2ba5ed68cf72ddaa867e6fab86c84292d497738f95c30fc896af7e87dbae0cc
SHA512 96c32f4a8e57be9df2879f54a7de57b9a3f9abe44e858f72c4eab798e737236616ae89156474861c108d04427eceb12cf429be56931c6acd06e7a2e389e0d97d