hxxps://drive[.]google[.]com/file/d/183Iog3X1r_uNXwX6wVinN9W29KAwMx77/view

Analysis

max time kernel
615s
max time network
617s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 15:40

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/file/d/183Iog3X1r_uNXwX6wVinN9W29KAwMx77/view

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2784	netsh.exe
768	netsh.exe

.NET Reactor proctector 3 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x0007000000023977-2477.dat	net_reactor
behavioral1/memory/4744-2478-0x000000001BC00000-0x000000001BE04000-memory.dmp	net_reactor
behavioral1/memory/3968-8759-0x0000000000FE0000-0x0000000001584000-memory.dmp	net_reactor

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	HD-Player.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	Bluestacks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	HD-Player.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	HD-Player.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 44 IoCs

pid	Process
4744	BlueStacksInstaller.exe
1576	7zr.exe
4876	HD-ForceGPU.exe
1324	HD-GLCheck.exe
3388	HD-GLCheck.exe
764	HD-GLCheck.exe
1624	HD-CheckCpu.exe
3656	HD-GLCheck.exe
2132	HD-GLCheck.exe
2816	HD-GLCheck.exe
5020	HD-GLCheck.exe
3352	7zr.exe
4292	HD-GLCheck.exe
876	HD-GLCheck.exe
1968	HD-GLCheck.exe
2816	7zr.exe
3720	7zr.exe
3800	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
3440	HD-Player.exe
3488	BstkSVC.exe
872	HD-Agent.exe
3076	HD-LogCollector.exe
228	HD-Quit.exe
3968	Bluestacks.exe
3944	HD-Player.exe
2768	HD-Agent.exe
2600	HD-LogCollector.exe
1656	Bluestacks.exe
4072	HD-Player.exe
4412	HD-Adb.exe
2760	HD-LogCollector.exe
3924	HD-Adb.exe
2248	HD-Adb.exe
3644	HD-Adb.exe
1516	HD-Adb.exe
2528	HD-Adb.exe
3840	HD-Adb.exe
4428	HD-Adb.exe
4332	HD-Adb.exe
1456	HD-Adb.exe
1868	HD-Adb.exe
2680	HD-Quit.exe
4264	7zr.exe

Loads dropped DLL 64 IoCs

pid	Process
4744	BlueStacksInstaller.exe
1324	HD-GLCheck.exe
3388	HD-GLCheck.exe
3388	HD-GLCheck.exe
3388	HD-GLCheck.exe
3388	HD-GLCheck.exe
3388	HD-GLCheck.exe
764	HD-GLCheck.exe
764	HD-GLCheck.exe
764	HD-GLCheck.exe
764	HD-GLCheck.exe
4744	BlueStacksInstaller.exe
3656	HD-GLCheck.exe
2132	HD-GLCheck.exe
2132	HD-GLCheck.exe
2132	HD-GLCheck.exe
2132	HD-GLCheck.exe
2816	HD-GLCheck.exe
2816	HD-GLCheck.exe
2816	HD-GLCheck.exe
2816	HD-GLCheck.exe
2816	HD-GLCheck.exe
5020	HD-GLCheck.exe
5020	HD-GLCheck.exe
5020	HD-GLCheck.exe
5020	HD-GLCheck.exe
5020	HD-GLCheck.exe
5020	HD-GLCheck.exe
5020	HD-GLCheck.exe
4292	HD-GLCheck.exe
4292	HD-GLCheck.exe
4292	HD-GLCheck.exe
4292	HD-GLCheck.exe
876	HD-GLCheck.exe
876	HD-GLCheck.exe
876	HD-GLCheck.exe
876	HD-GLCheck.exe
1968	HD-GLCheck.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3488	BstkSVC.exe
3488	BstkSVC.exe
3488	BstkSVC.exe
3488	BstkSVC.exe
3488	BstkSVC.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BlueStacks\HD-Frontend-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-GLCheck.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-XapkHandler.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\libGLES_CM_translator.dll	7zr.exe
File created	C:\Program Files\BlueStacks\LICENSE.txt	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BlueStacks.Core.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Bluestacks.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkRT.lib	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkTypeLib.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-RunApp.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\libGLES_V2_translator.dll	7zr.exe
File created	C:\Program Files\BlueStacks\libOpenglRender.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\close_red_click.png	7zr.exe
File created	C:\Program Files\BlueStacks\DiscordRPC.dll	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Common.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-GpsLocator-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-XapkHandler.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\close_red_hover.png	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\close_red.png	7zr.exe
File created	C:\Program Files\BlueStacks\HD-GpsLocator-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks\System.Windows.Interactivity.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Theraot.Core.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Vanara.PInvoke.Shared.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\powered_by_bs.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\CursorPrimary.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\ProductLogo.ico	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\WhiteFullScreen.png	7zr.exe
File created	C:\Program Files\BlueStacks\BstkDDU.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\unchecked_gray.png	7zr.exe
File created	C:\Program Files\BlueStacks\BstkRT.lib	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Plus-Frontend-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Quit.exe	7zr.exe
File created	C:\Program Files\BlueStacks\HD-QuitMultiInstall.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\msvcp100.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\checked_gray_hover.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Gps-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Vanara.PInvoke.Gdi32.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\WhiteLogo.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\unchecked_gray.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-MultiInstanceManager.exe.lastcodeanalysissucceeded	7zr.exe
File created	C:\Program Files\BlueStacks\HD-XapkHandler.exe	7zr.exe
File created	C:\Program Files\BlueStacks\ProductLogo.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Xilium.CefGlue.WPF.dll	7zr.exe
File created	C:\Program Files\BlueStacks\BstkC.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-png2ico.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\debug.log	Bluestacks.exe
File created	C:\Program Files\BlueStacks\BstkSVC.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-MultiInstanceManager.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Player.exe	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Player.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\HD-QuitMultiInstall.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\Vanara.PInvoke.DwmApi.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Bluestacks.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\BlueStacks.ico	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkVMM.lib	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Camera-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Common.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\checked_gray.png	7zr.exe
File created	C:\Program Files\BlueStacks\loadingCircles.gif	7zr.exe
File created	C:\Program Files\BlueStacks\WhiteFullScreen.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\XButton.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkRT.dll	7zr.exe
File created	C:\Program Files\BlueStacks\d3dcompiler_47.dll	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Quit.exe.config	7zr.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\2229298842\3735982735.pri	LogonUI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2036	netstat.exe
3416	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
3132	SystemInfo.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "193"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C5893F0-7983-4EF0-B5EE-50885420E391}\NumMethods\ = "37"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F2C8B789-B633-4630-BEBB-A924AA55003E}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{230C0C50-49D9-441E-AE7C-11EC2E2CFBDC}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22538E23-C872-480C-A376-A4F05D7211B1}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F076447-7440-4C98-9E4C-8E02D9E3A81E}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B1C69A0-A1E9-445F-B534-BBD24AD994F1}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{200708DA-CBF4-4C2C-B328-9F9E046E7BCD}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{CF9C8562-3666-4238-AE5B-2DDEA9116077}\1.3\ = "VirtualBox Type Library"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65612A1F-68BB-4B87-A898-88A9325E0445}\NumMethods\ = "14"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{635D8F36-E3B7-4EDB-8B78-3A983486BD69}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC87563-7BB1-4B4D-8F33-DBCFBD29826D}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FA27DEA5-2E10-44B4-AEAA-16740513ED0C}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26d9f265-34d4-4792-a705-970e62380aba}\ = "Session Class"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26d9f265-34d4-4792-a705-970e62380aba}\ProgId\ = "VirtualBox.Session.1"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2E04C59-5B1A-42DB-8BAC-FC3BD699E1F0}\ = "IMediumRegisteredEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2B6EE9F2-09DF-4799-8794-E52FCC4056BD}\ = "IAdditionsStateChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EBFEFCBA-9836-4269-BDF6-B75A2C8F9F12}\ = "IBandwidthGroupChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49978C66-80A7-46E5-9BB6-54B2B27ADC93}\NumMethods\ = "26"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C1E71681-8CED-40F1-9E50-AEA75E9D321E}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{282F2C31-7E1F-4596-80B6-2443FC755F42}\ = "IVirtualBox"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2800AA63-69DA-4438-8A20-DADBAA96815F}\ = "IUSBDevice"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A475DE1-7F26-4FCC-BDDE-A7762AE3458E}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{320BC217-5E9F-47BC-9A5C-5322608E25DE}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ACED04B8-AACF-425E-9A02-74FD278E381B}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{200708DA-CBF4-4C2C-B328-9F9E046E7BCD}\ = "IMediumAttachment"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2AD896E-D44A-45D3-8F2A-4198BC9AC850}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2B6EE9F2-09DF-4799-8794-E52FCC4056BD}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C3C50BE8-D729-4098-9481-C96FA62B0020}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8058647D-1383-4719-87A4-819DB9C4D744}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9AF9FAE7-CDB9-4DA2-ADE3-37E8F5F663EC}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{298CC987-FCAF-4D67-A052-38804E768AE6}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C7E4FEE-8ABA-4ED7-ADA5-D0B59E0B6027}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B1C69A0-A1E9-445F-B534-BBD24AD994F1}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{912D6E9D-5330-4A01-9A4A-82389F8EC235}\ = "IAppliance"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1317A1EB-D300-4196-B06E-333BFAF5D623}\NumMethods\ = "51"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26d9f265-34d4-4792-a705-970e62380aba}\TypeLib\ = "{cf9c8562-3666-4238-ae5b-2ddea9116077}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A6253C-90DA-494F-87D6-64E220DD0BB2}\ = "IToken"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2508619E-B696-43BA-8868-ABCD594CD80C}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC87563-7BB1-4B4D-8F33-DBCFBD29826D}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{082EA2F3-9B3F-4BE1-82E8-5A134D5F2771}\ = "INATNetworkStartStopEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2CCCE17-5893-495C-BEE8-65D59D1A5CF4}\NumMethods\ = "25"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46CA82B8-51C1-4F8F-93F5-30FD0823B148}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\ = "VirtualBox Class"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2800AA63-69DA-4438-8A20-DADBAA96815F}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058A1055-59D4-49E0-905E-12FA20409222}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88cf5620-6c94-4704-99da-b9c4812754f4}\TypeLib	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34CB7B95-3F83-4B21-B84E-A990B6A9A164}	HD-ComRegistrar.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Interface	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00C5625F-47B7-4460-B937-CED55D2141DF}\NumMethods\ = "13"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34CB7B95-3F83-4B21-B84E-A990B6A9A164}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0533F2CC-F314-4123-A67A-4E64F7E36284}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E7C98EA-E716-4743-AAB2-DA78F8292813}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A6253C-90DA-494F-87D6-64E220DD0BB2}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3755D53C-733E-4A19-9CDA-1E65DF2066B6}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8F375908-8521-483E-9A6B-EF21D2E835F2}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65612A1F-68BB-4B87-A898-88A9325E0445}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9ECD641-571C-4779-BC91-6CB8591E6052}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9DE92255-34E5-41EF-8555-A94F1975FBF0}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4598DF7-093A-46DD-B8DF-1C8A04BC6693}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C6E26713-8BDB-436D-BFBC-98ACCFBD5E15}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{320BC217-5E9F-47BC-9A5C-5322608E25DE}\ = "IUSBDeviceStateChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D867C897-B83A-40B6-8D56-807377E5855B}\NumMethods\ = "16"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{477297db-d260-4198-8820-f97b966d38c9}\ProgId	HD-ComRegistrar.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
872	HD-Agent.exe
2768	HD-Agent.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
1452	msedge.exe
1452	msedge.exe
4456	identity_helper.exe
4456	identity_helper.exe
4836	msedge.exe
4836	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
4744	BlueStacksInstaller.exe
4744	BlueStacksInstaller.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
3800	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
2600	HD-ComRegistrar.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
872	HD-Agent.exe
3076	HD-LogCollector.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
228	HD-Quit.exe
3968	Bluestacks.exe
3968	Bluestacks.exe
3968	Bluestacks.exe
3968	Bluestacks.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1320	7zG.exe
Token: 35	1320	7zG.exe
Token: SeSecurityPrivilege	1320	7zG.exe
Token: SeSecurityPrivilege	1320	7zG.exe
Token: SeDebugPrivilege	4744	BlueStacksInstaller.exe
Token: SeRestorePrivilege	1576	7zr.exe
Token: 35	1576	7zr.exe
Token: SeSecurityPrivilege	1576	7zr.exe
Token: SeSecurityPrivilege	1576	7zr.exe
Token: SeRestorePrivilege	3352	7zr.exe
Token: 35	3352	7zr.exe
Token: SeSecurityPrivilege	3352	7zr.exe
Token: SeSecurityPrivilege	3352	7zr.exe
Token: SeRestorePrivilege	2816	7zr.exe
Token: 35	2816	7zr.exe
Token: SeSecurityPrivilege	2816	7zr.exe
Token: SeSecurityPrivilege	2816	7zr.exe
Token: SeRestorePrivilege	3720	7zr.exe
Token: 35	3720	7zr.exe
Token: SeSecurityPrivilege	3720	7zr.exe
Token: SeSecurityPrivilege	3720	7zr.exe
Token: SeDebugPrivilege	3800	HD-ComRegistrar.exe
Token: SeDebugPrivilege	2600	HD-ComRegistrar.exe
Token: SeTakeOwnershipPrivilege	2600	HD-ComRegistrar.exe
Token: SeRestorePrivilege	2600	HD-ComRegistrar.exe
Token: SeSecurityPrivilege	2600	HD-ComRegistrar.exe
Token: SeTakeOwnershipPrivilege	2600	HD-ComRegistrar.exe
Token: SeRestorePrivilege	2600	HD-ComRegistrar.exe
Token: SeSecurityPrivilege	2600	HD-ComRegistrar.exe
Token: SeTakeOwnershipPrivilege	2600	HD-ComRegistrar.exe
Token: SeRestorePrivilege	2600	HD-ComRegistrar.exe
Token: SeSecurityPrivilege	2600	HD-ComRegistrar.exe
Token: SeTakeOwnershipPrivilege	2600	HD-ComRegistrar.exe
Token: SeRestorePrivilege	2600	HD-ComRegistrar.exe
Token: SeSecurityPrivilege	2600	HD-ComRegistrar.exe
Token: SeTakeOwnershipPrivilege	2600	HD-ComRegistrar.exe
Token: SeRestorePrivilege	2600	HD-ComRegistrar.exe
Token: SeSecurityPrivilege	2600	HD-ComRegistrar.exe
Token: SeTakeOwnershipPrivilege	2600	HD-ComRegistrar.exe
Token: SeRestorePrivilege	2600	HD-ComRegistrar.exe
Token: SeSecurityPrivilege	2600	HD-ComRegistrar.exe
Token: SeDebugPrivilege	3440	HD-Player.exe
Token: SeDebugPrivilege	872	HD-Agent.exe
Token: SeDebugPrivilege	3076	HD-LogCollector.exe
Token: SeBackupPrivilege	872	HD-Agent.exe
Token: SeSecurityPrivilege	872	HD-Agent.exe
Token: SeSecurityPrivilege	872	HD-Agent.exe
Token: SeBackupPrivilege	872	HD-Agent.exe
Token: SeSecurityPrivilege	872	HD-Agent.exe
Token: SeBackupPrivilege	872	HD-Agent.exe
Token: SeSecurityPrivilege	872	HD-Agent.exe
Token: SeSecurityPrivilege	872	HD-Agent.exe
Token: SeBackupPrivilege	872	HD-Agent.exe
Token: SeSecurityPrivilege	872	HD-Agent.exe
Token: 33	872	HD-Agent.exe
Token: SeIncBasePriorityPrivilege	872	HD-Agent.exe
Token: 33	872	HD-Agent.exe
Token: SeIncBasePriorityPrivilege	872	HD-Agent.exe
Token: 33	872	HD-Agent.exe
Token: SeIncBasePriorityPrivilege	872	HD-Agent.exe
Token: 33	872	HD-Agent.exe
Token: SeIncBasePriorityPrivilege	872	HD-Agent.exe
Token: 33	872	HD-Agent.exe
Token: SeIncBasePriorityPrivilege	872	HD-Agent.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
872	HD-Agent.exe
872	HD-Agent.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
872	HD-Agent.exe
2768	HD-Agent.exe
2768	HD-Agent.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
1576	7zr.exe
1324	HD-GLCheck.exe
3388	HD-GLCheck.exe
764	HD-GLCheck.exe
764	HD-GLCheck.exe
3656	HD-GLCheck.exe
2132	HD-GLCheck.exe
2132	HD-GLCheck.exe
2816	HD-GLCheck.exe
5020	HD-GLCheck.exe
3352	7zr.exe
4292	HD-GLCheck.exe
876	HD-GLCheck.exe
876	HD-GLCheck.exe
1968	HD-GLCheck.exe
2816	7zr.exe
3720	7zr.exe
3440	HD-Player.exe
3440	HD-Player.exe
3440	HD-Player.exe
3944	HD-Player.exe
3944	HD-Player.exe
3944	HD-Player.exe
3968	Bluestacks.exe
3676	LogonUI.exe
3676	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1468	1452	msedge.exe	83
PID 1452 wrote to memory of 1468	1452	msedge.exe	83
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4844	1452	msedge.exe	84
PID 1452 wrote to memory of 4240	1452	msedge.exe	85
PID 1452 wrote to memory of 4240	1452	msedge.exe	85
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86
PID 1452 wrote to memory of 4192	1452	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/183Iog3X1r_uNXwX6wVinN9W29KAwMx77/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa77246f8,0x7fffa7724708,0x7fffa7724718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2124 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5128955946745405962,10569134733384894939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18145:88:7zEvent31373
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1320

C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\BlueStacksInstaller.exe
"C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\BlueStacksInstaller.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4744
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c dir "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\" /s
  2⤵
  PID:1240
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe" x "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\CommonInstallUtils.zip" -o"C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\" -aoa
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1576
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-ForceGPU.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-ForceGPU.exe" 1
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 1 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1324
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 1 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3388
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 4 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:764
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-CheckCpu.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-CheckCpu.exe"
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 1 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3656
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 4 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2132
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 1 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2816
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe" 4 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5020
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe" x "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\PF.zip" -o"C:\Program Files\BlueStacks" -aoa
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3352
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\\HD-GLCheck.exe" 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4292
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\\HD-GLCheck.exe" 3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:876
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\\HD-GLCheck.exe" 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1968
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe" x "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\PD.zip" -o"C:\ProgramData\BlueStacks" -aoa
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2816
- C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe
  "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe" x "C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\CefData.zip" -o"C:\ProgramData\BlueStacks\CefData" -aoa
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3720
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2784
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks\HD-Player.exe" enable=yes
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:768
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2861/ User=\"Everyone"
  2⤵
  PID:432
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2862/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1616
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2863/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4608
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2864/ User=\"Everyone"
  2⤵
  PID:4488
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2865/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3436
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2866/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1968
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2867/ User=\"Everyone"
  2⤵
  PID:3384
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2868/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4548
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2869/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3748
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2870/ User=\"Everyone"
  2⤵
  PID:3988
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2871/ User=\"Everyone"
  2⤵
  PID:1200
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2872/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3356
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2873/ User=\"Everyone"
  2⤵
  PID:2172
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2874/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4636
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2875/ User=\"Everyone"
  2⤵
  PID:4368
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2876/ User=\"Everyone"
  2⤵
  PID:5016
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2877/ User=\"Everyone"
  2⤵
  PID:2308
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2878/ User=\"Everyone"
  2⤵
  PID:3488
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2879/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1592
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2880/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4932
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2881/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1724
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2882/ User=\"Everyone"
  2⤵
  PID:4528
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2883/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4592
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2884/ User=\"Everyone"
  2⤵
  PID:3452
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2885/ User=\"Everyone"
  2⤵
  PID:1376
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2886/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:432
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2887/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4844
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2888/ User=\"Everyone"
  2⤵
  PID:3620
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2889/ User=\"Everyone"
  2⤵
  PID:868
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2890/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3544
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2891/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3896
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2892/ User=\"Everyone"
  2⤵
  PID:2820
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2893/ User=\"Everyone"
  2⤵
  PID:2456
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2894/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3600
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2895/ User=\"Everyone"
  2⤵
  PID:400
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2896/ User=\"Everyone"
  2⤵
  PID:2804
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2897/ User=\"Everyone"
  2⤵
  PID:4920
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2898/ User=\"Everyone"
  2⤵
  PID:2404
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2899/ User=\"Everyone"
  2⤵
  PID:1340
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2900/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1220
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2901/ User=\"Everyone"
  2⤵
  PID:4080
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2902/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1252
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2903/ User=\"Everyone"
  2⤵
  PID:4308
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2904/ User=\"Everyone"
  2⤵
  PID:3652
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2905/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3272
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2906/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4136
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2907/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4528
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2908/ User=\"Everyone"
  2⤵
  PID:4120
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2909/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:744
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2910/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1376
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2911/ User=\"Everyone"
  2⤵
  PID:2688
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2912/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5032
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2913/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3920
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2914/ User=\"Everyone"
  2⤵
  PID:868
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2915/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:740
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2916/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1732
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2917/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4508
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2918/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3056
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2919/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2232
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2920/ User=\"Everyone"
  2⤵
  PID:2064
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2921/ User=\"Everyone"
  2⤵
  PID:3440
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2922/ User=\"Everyone"
  2⤵
  PID:1780
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2923/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1748
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2924/ User=\"Everyone"
  2⤵
  PID:4904
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2925/ User=\"Everyone"
  2⤵
  PID:1368
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2926/ User=\"Everyone"
  2⤵
  PID:1252
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2927/ User=\"Everyone"
  2⤵
  PID:3128
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2928/ User=\"Everyone"
  2⤵
  PID:1624
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2929/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1064
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2930/ User=\"Everyone"
  2⤵
  PID:2396
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2931/ User=\"Everyone"
  2⤵
  PID:3976
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2932/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4420
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2933/ User=\"Everyone"
  2⤵
  PID:2672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2934/ User=\"Everyone"
  2⤵
  PID:4884
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2935/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2368
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2936/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1888
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2937/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2476
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2938/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2020
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2939/ User=\"Everyone"
  2⤵
  PID:3920
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2940/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4384
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2941/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3428
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2942/ User=\"Everyone"
  2⤵
  PID:4000
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2943/ User=\"Everyone"
  2⤵
  PID:2016
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2944/ User=\"Everyone"
  2⤵
  PID:3960
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2945/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2364
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2946/ User=\"Everyone"
  2⤵
  PID:1984
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2947/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2632
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2948/ User=\"Everyone"
  2⤵
  PID:4920
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2949/ User=\"Everyone"
  2⤵
  PID:3644
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2950/ User=\"Everyone"
  2⤵
  PID:3280
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2951/ User=\"Everyone"
  2⤵
  PID:1744
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2952/ User=\"Everyone"
  2⤵
  PID:2568
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2953/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4288
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2954/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2248
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2955/ User=\"Everyone"
  2⤵
  PID:1820
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2956/ User=\"Everyone"
  2⤵
  PID:4780
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2957/ User=\"Everyone"
  2⤵
  PID:4476
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2958/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4136
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2959/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2280
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2960/ User=\"Everyone"
  2⤵
  PID:368
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2961/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2832
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2962/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1136
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2963/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2256
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2964/ User=\"Everyone"
  2⤵
  PID:2812
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2965/ User=\"Everyone"
  2⤵
  PID:4804
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2966/ User=\"Everyone"
  2⤵
  PID:1888
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2967/ User=\"Everyone"
  2⤵
  PID:2864
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2968/ User=\"Everyone"
  2⤵
  PID:1548
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2969/ User=\"Everyone"
  2⤵
  PID:3540
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2970/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3408
- C:\Program Files\BlueStacks\HD-ComRegistrar.exe
  "C:\Program Files\BlueStacks\HD-ComRegistrar.exe" -unreg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3800
- C:\Program Files\BlueStacks\HD-ComRegistrar.exe
  "C:\Program Files\BlueStacks\HD-ComRegistrar.exe" -reg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2600
- C:\Program Files\BlueStacks\HD-Quit.exe
  "C:\Program Files\BlueStacks\HD-Quit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:228

C:\Program Files\BlueStacks\HD-Player.exe
"C:\Program Files\BlueStacks\HD-Player.exe" Android -h -sysPrep
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3440
- C:\Program Files\BlueStacks\HD-Agent.exe
  "C:\Program Files\BlueStacks\HD-Agent.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  PID:872
- C:\Program Files\BlueStacks\HD-LogCollector.exe
  "C:\Program Files\BlueStacks\HD-LogCollector.exe" -boot
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3076

C:\Program Files\BlueStacks\BstkSVC.exe
"C:\Program Files\BlueStacks\BstkSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3488

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:3688

C:\Program Files\BlueStacks\Bluestacks.exe
"C:\Program Files\BlueStacks\Bluestacks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3968
- C:\Program Files\BlueStacks\HD-Player.exe
  "C:\Program Files\BlueStacks\HD-Player.exe" Android -h
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3944
- - C:\Program Files\BlueStacks\HD-Agent.exe
    "C:\Program Files\BlueStacks\HD-Agent.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SendNotifyMessage
    PID:2768
- - C:\Program Files\BlueStacks\HD-LogCollector.exe
    "C:\Program Files\BlueStacks\HD-LogCollector.exe" -boot
    3⤵
    - Executes dropped EXE
    PID:2600
  - - C:\Windows\SYSTEM32\SystemInfo.exe
      "SystemInfo"
      4⤵
      Gathers system information
      PID:3132
  - - C:\Windows\SYSTEM32\reg.exe
      "reg.exe" EXPORT HKLM\System\CurrentControlSet\services\BlueStacksDrv "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_zxs1gczg.gsu\RegBstkDrv.txt"
      4⤵
      PID:4588
  - - C:\Windows\SYSTEM32\nslookup.exe
      "nslookup" www.google.com
      4⤵
      PID:1964
  - - C:\Windows\SYSTEM32\netstat.exe
      "netstat" -aon
      4⤵
      Gathers network information
      PID:2036
  - - C:\Windows\SYSTEM32\net.exe
      "net" statistics workstation
      4⤵
      PID:4572
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 statistics workstation
        5⤵
        
        PID:3964
  - - C:\Windows\SYSTEM32\ipconfig.exe
      "ipconfig" /all
      4⤵
      Gathers network information
      PID:3416
  - - C:\Program Files\BlueStacks\HD-Player.exe
      "C:\Program Files\BlueStacks\HD-Player.exe" Android -h
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4072
    - - C:\Program Files\BlueStacks\HD-LogCollector.exe
        
        "C:\Program Files\BlueStacks\HD-LogCollector.exe" -boot
        5⤵
        Executes dropped EXE
        
        PID:2760
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "connect" "127.0.0.1:5555"
      4⤵
      Executes dropped EXE
      PID:4412
    - - C:\Program Files\BlueStacks\HD-Adb.exe
        
        adb -P 5037 fork-server server --reply-fd 588
        5⤵
        Executes dropped EXE
        
        PID:3924
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "shell" "bugreport"
      4⤵
      Executes dropped EXE
      PID:2248
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" kill-server
      4⤵
      Executes dropped EXE
      PID:3644
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" start-server
      4⤵
      Executes dropped EXE
      PID:1516
    - - C:\Program Files\BlueStacks\HD-Adb.exe
        
        adb -P 5037 fork-server server --reply-fd 588
        5⤵
        Executes dropped EXE
        
        PID:2528
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "connect" "127.0.0.1:5555"
      4⤵
      Executes dropped EXE
      PID:3840
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "shell" "dumpstate"
      4⤵
      Executes dropped EXE
      PID:4428
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/.config_user.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_zxs1gczg.gsu\.config_user.db"
      4⤵
      Executes dropped EXE
      PID:4332
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/.config.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_zxs1gczg.gsu\.config.db"
      4⤵
      Executes dropped EXE
      PID:1456
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/config.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_zxs1gczg.gsu\config.db"
      4⤵
      Executes dropped EXE
      PID:1868
  - - C:\Windows\SYSTEM32\reg.exe
      "reg.exe" EXPORT HKLM\Software\BlueStacks "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_zxs1gczg.gsu\RegHKLM.txt"
      4⤵
      PID:220
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c dir "C:\Program Files\BlueStacks\" /s
      4⤵
      PID:1192
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c dir "C:\ProgramData\BlueStacks\Engine\" /s
      4⤵
      PID:1968
  - - C:\Program Files\BlueStacks\7zr.exe
      "C:\Program Files\BlueStacks\7zr.exe" a archive.zip -m0=LZMA:a=2 *
      4⤵
      Executes dropped EXE
      PID:4264
- C:\Program Files\BlueStacks\Bluestacks.exe
  "C:\Program Files\BlueStacks\Bluestacks.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --disable-smooth-scrolling --no-sandbox --service-pipe-token=3306641366ED8032BD8363E455E4EBE9 --lang=en-US --lang=en-US --log-file="C:\Program Files\BlueStacks\debug.log" --log-severity=verbose --user-agent="Mozilla/5.0(Windows NT 6.2; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36Bluestacks/4.240.20.1016" --enable-system-flash --ppapi-flash-path="C:\ProgramData\BlueStacks\CefData\pepflashplayer.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=3306641366ED8032BD8363E455E4EBE9 --renderer-client-id=2 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1656
- C:\Program Files\BlueStacks\HD-Quit.exe
  "C:\Program Files\BlueStacks\HD-Quit.exe" -isFromClient
  2⤵
  - Executes dropped EXE
  PID:2680

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3392

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3860055 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BlueStacks\Assets\BlueStacks.ico

Filesize
344KB

MD5
63251c717d9bc1e5fc6370671f38eedc

SHA1
887b3e52ee48f304bc8626a7b296e4b163379c64

SHA256
5947201ed9206281d8e6e8b46bf562c78d3c9ee1dd74c0792df18eacad04eae6

SHA512
2ce0f02da6fe4f921755c8090c6df216515d2de97723b5b62555beffa9b1e0f0298bb03bcbf68b775953b0f3f716f33915773237bd099daeedadefc32060a64b

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\CacheStorage\a7424657c282808a935654175d0054512e29e086\1f5cb840-b482-451b-b1e3-c292ede6cc2b\index-dir\temp-index

Filesize
576B

MD5
a721f79c689768e5b361fbd673073726

SHA1
24dddd24b38ae7655df9e92dcbf21242f5f4453b

SHA256
4447234b4a70684e5c53ba5b9364604bfe4957b553aea9d32f5f347e8d35c7ab

SHA512
95c690c7c8c077c306eb6d9848943d2d6b87f573a7a22a13e8bc437128f3abb1620cd27f346f386850e1a69470d1bf05adec662454227817e030773b90b25483

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\CacheStorage\a7424657c282808a935654175d0054512e29e086\1f5cb840-b482-451b-b1e3-c292ede6cc2b\index-dir\the-real-index~RFe60d575.TMP

Filesize
48B

MD5
30ed85b3959754ad1b9fa0cff00796bb

SHA1
290230eaa3ed391f8fa5df2a0c25a53e692d29a6

SHA256
d190da5ac2099fc9e4725d3258569215b9ef4146cdb7ea0dcc5ebca0c22ca575

SHA512
78f42faa2960a9e0adcf9ec1bcb5a0aceff6f88e9ca653c77b7fb698555bd1a9657187c72e2f75b94d6ffbaa59308b3a1037099508fb09c31fddb6dbdf79807e

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\CacheStorage\a7424657c282808a935654175d0054512e29e086\index.txt

Filesize
137B

MD5
7827fe14b01347335da901977e739e33

SHA1
6529009a79f83fa0a09e91bd91f3481f2c098a56

SHA256
bccd47a213bcaa6b621d06d7f4dc5e9a1a952fb491cea8d25280223d670a8a01

SHA512
30e417957b5450031474016411444684b29d8d62b6e385450ba7d8f2d1169d7d1a45fad232349bac8a40c70bee41a5bc8c6a7bb6c31e14295dd00c6791345fe5

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\CacheStorage\a7424657c282808a935654175d0054512e29e086\index.txt.tmp

Filesize
132B

MD5
88c6769921e04cddd63d9fda0d5096b5

SHA1
f6e48de1b94e0bd61aba5fa9e0c4e0fb7fdae85f

SHA256
c7a8bb475d4b606e85d54b66bd37d8d262723cc07de92a6d4a43fcf28ed68a46

SHA512
563b64b1255aca852d3af6a91ce95192665bf1ae477ae0c03b6923a1d8ce5e613762f736ec53038dd87336a9043529aa10c9b657f441d782ff422428f449024e

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\ScriptCache\index-dir\temp-index

Filesize
264B

MD5
8770cafe24cebb699c9087b72b839a4f

SHA1
12bf266bbabdc55582b7fff599201dad44a9acdd

SHA256
8a7c4c39f1c9751fd24b82248e4bf465d5706dd3994914d27f407d4b0bcd1cdc

SHA512
0d9f477295e9a6b69e2778d4d5052d1e552dc78ba92c745fd2cec6adc183204ea225a9a183fcda91ae71fc89a6f3bc7323a9533d9dfd5e4d3dab1b39595a3ff8

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\ScriptCache\index-dir\the-real-index~RFe60d100.TMP

Filesize
48B

MD5
a720c9d05ec4b617c6defda2d1096c43

SHA1
6aed99ad741a3ea5f157358527cd5e6a047c7603

SHA256
030447be5a5844e29ed2df254ff7d0edbcdcfe45aff1d9a5dbadcb2f60d6ee05

SHA512
de8719ce87f355e781f7f6ef84a9780e4f52ab50c15b12297f4e49ffcaf16aca5a830eb5041045f3cb12c2e179a7bc95d69867f023fd1f5a03b4c5c52e9ab81c

Download Submit
C:\ProgramData\BlueStacks\CefData\locales\bg.pak.info

Filesize
378KB

MD5
86abbe39a0ffe4e221c459d98a409765

SHA1
7ffa8bea41bb8c7b8f958681ec097556320d5482

SHA256
81aca701fd815152b02b60d814f5df72db4a70f43475b8bc97aa1af5851f4652

SHA512
66b6a6f8e7f7d857a353244d372b684886830e902cf81678dfd2b8977f1007af0596e94d27e27c930309cf12b14cf1f1af0f292e7da305c58a44f9dde0e5aab0

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\Bluestacks.exe.config

Filesize
750B

MD5
a55b666468e73a4467a9e149f91e89bb

SHA1
bd04b2e601eec3c81a25e9aaf576c68110c6d4b9

SHA256
61e4b6729aedfabbdb1f1a9167160863c530d68c9360b57a0174d37d68f55a4a

SHA512
5d0e168d723677d26bc4efd5c929143444a0382725d596d2537f87cfb1bd8ab44aa595373e4a6fc1471afb4c580ed4f8fc20f5ffa3112b0c324bdcb6582fa5f3

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\CursorPrimary.png

Filesize
801B

MD5
e5310b5eb06a100f88dc66a7ae42157a

SHA1
d005109ee520d9091b0e5e843598fd8b9972189c

SHA256
ecc26dc1260337c1acce80eed86ffc3257ec933ac9a2402fd33ba965e5745d47

SHA512
9f4d81c7d3bfb2ac9ba0e437b69cbd628d934f5df8168c1e536eaea3bd753fd9ff66daacedb75bdb4bf494681fa569ccb6b53a5fb94547172d7174e60bdb9efd

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\CursorSecondary.png

Filesize
805B

MD5
221493ee4c526b403886e81663215116

SHA1
277feb16b1b70de4ee4907d2115292bffdde0ec2

SHA256
8364a527d6f317dfee65338e19b093f3ec6cb6f142b182e30c3b06059cdde33e

SHA512
da139c835b4add28075cc5445fad6292adc57f0c6203c95d0c64a08fb61775db14ec32257efd46985075e8fc3f5726f3c5d78891dc4c6594373228b4e3fe1ea2

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\ImagePicker_canvas.png

Filesize
4KB

MD5
9f2695740ca9fe5e5a6a8a41ed9b4301

SHA1
039c6a06a856744188caf1e43e7ca0b2f93bef99

SHA256
86c37e351ad2652ee2d480363db6541c089afb539045ae3cf2adf8572aa246d3

SHA512
975e296115489de2d409c373b477a8dcaafc04a81aa36567758331c0d2316fdaec949d0cc3bf5f41542f6c56e5e03c1ecc5dd7bd658b2d94ae4cca73aa4c0a9e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\ImagePicker_sidebar.png

Filesize
1KB

MD5
877ad6842b6ef2b12b57146bfaf8e941

SHA1
35117f57c9a51b043d9408a0d9066ba61f4d4208

SHA256
8f136c9b106869d4ec9e0db8b3e7594f5b2f6af1642c635d3cd847dacd48a08a

SHA512
a6334c7d09d8b3b2c4e32dee6cb1f468578a6197c8d38ae9c5ee037d02186458073c6d18c625e8c78a95d14a9e42c093eca57b120a68223f36ed5e219b96c6af

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\Imap_Down.png

Filesize
2KB

MD5
252b7ff6114562ca54ae3cf7468d50c0

SHA1
b0a4ace1c39396ecdad8d9778dc696c7baaf8f95

SHA256
c7c4f0ddd792b6ad394c28e4a5ad2f17a4aac1a2c518d5c5f70b405584c7ef55

SHA512
2016084b480aadba175ec559c7710c29be0ce5a3c5a447c186fa56aa72f91677faed4da17d39721167c667a5df875d64ec0ae87648332b0e4102a5e1103c7277

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\Imap_GamepadDpadLeft.png

Filesize
2KB

MD5
ef477ff45d73102792fac8950c450dcc

SHA1
326ed67dd6619a93c2e77ad960b85bafd4462487

SHA256
a37ce16e6814508d4e1be6b84b05f6bcd47a69ed0b5b36f2696f79e845f3e079

SHA512
f44e7b9973652a07377a806a02c72f20d55a0782769ffd098a63590b09606535578c5f3e353a2e0f6bdf30c530fb598173f45e8c67389570c0cc53020897a41f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\Imap_GamepadDpadRight.png

Filesize
2KB

MD5
0d00719869b67c4c169a92be4dae84dd

SHA1
51a9be07263d03ffc4ca82049e0fd316573c7f14

SHA256
c20881ebff3b780f96c19a93c21313edc2ab09fd261ccbe8c3f05af0978a4174

SHA512
af4eca5bdbfea6278a7ac0feaa759059a6cc81cb64aa3beccb01062cbd75c02262670970accfff4a57af70e5abb098d56e4a80bb90a013c411dcc8231bb7455e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\Imap_GamepadDpadUp.png

Filesize
2KB

MD5
0b8b3eb813faddf4dfdf8f92b5793a70

SHA1
9762b243e8c13fbfb2b531952af52b0cc375be2b

SHA256
11c5f0e8853c43787e343f5eb43524c745c7e36bcce4b10ad18f7ab76aa799d3

SHA512
9c25ee4f8fbedd75cb817b569c548fef1461bfe7f3a475f84f4058a67872db656435a9a627dac9ade6d379c4ff231ad1e6ca5f817284bd4ce35484c5c072a34d

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\MIMClose.png

Filesize
391B

MD5
4e3584fb49694641e36b8ffe7417ef69

SHA1
95260a1d42872d25054160334b774812194e4c9b

SHA256
b311be97745de95d37cfa95b3754407caea772ea2f4abfb15bd84d6c5bdfed83

SHA512
c4c56c8823e53d9d5fb545ad3a16b99f54dcf18121e98edc755804266cf95d98a302acc640c5b3bbf8e380295c4a2fb9eb8d19b44712e950dd3ee26949a66532

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\MOBASkill_canvas_2.png

Filesize
5KB

MD5
523323b3ed3e1179b96218da3a664370

SHA1
91bc9665a0d44fe839c6c53a046f0811302e09a0

SHA256
4213cab2c081d380d53f8f01bd31639897d9fb0e9b16f02aab1f6d8767ed2bd7

SHA512
7d6beb545864d8f505a94b64365417d39b832c84bc53497203481c09aea7a90d5538881e9ec6e725ff1e97721b0be88b4bc67d1c54993e5472e3ce02db7a00cf

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\MultiInstanceManagerLogo.ico

Filesize
116KB

MD5
3d94824f99bce2e77025e549603632bd

SHA1
acd93294edd8f76204552c4af2c3e2e572ddfb26

SHA256
d50ab73c820930bf80a5c57e58355393627f56f82c0db0c41f8ee43c95832cb9

SHA512
d2c8a508af2f11cbadbca12fec10572280216d17a0eb668258a06389a867f09b6c6f19d7a2d232a58d0f0146bf71e4850d230a1fe142f634f41e20bcc66a6927

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\WhiteFullScreen.png

Filesize
241B

MD5
171f8060414f22b9c7c97ebc0494701c

SHA1
3118f40c93460f1a359e4d38a5256623b43b62ee

SHA256
76bd2e583b0b9fa700b7f28cfb73e67938999b0b909757b9d550bf824af1bd23

SHA512
3aaf040c477c6ae4bd8b73d13c16d8611410264a9c4b33c02cae7f68a6c9b14f345aea1ba1a88ad49914bf19fc324811027a3f9e192fc8bd14cc63b6503ad1ae

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\WhiteLogo.png

Filesize
18KB

MD5
2f1f2d20be70d5014ae87298aedf6165

SHA1
b39864b421b1d87a11dee21ccc73092b99729a10

SHA256
cecc945cc67fb3c53f0cb7b1a909fb05fc3f945aadb7f364053e9b131d622e7c

SHA512
00a681f4fb27a4895b1cfb8b8e60c1b0be4862619d2884e3493613574bc406177bc9a02aa5f565342de162c2c3d96b6e0ebdc153bd11272e7d89cbb361ac3a19

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\XButton.png

Filesize
1KB

MD5
119e61f61e38e95429ccbdfcf0da65c1

SHA1
3a427ee6288cee4c9e4f649b53c055ef1f929597

SHA256
4a31c9f79b34d12544e39cc358de7d6707c45821754b7fe91d1bde2433eae6ff

SHA512
45528b5eefd42f24b2a30903c43d406eb7424fe5c04e826a6b963757a9db5261f945f50674a4770171551e8167c89b676d698bce7c2aa6ce096942c9acfb42ce

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\additem.png

Filesize
425B

MD5
b16104488d0e1b9411c313031bdd2942

SHA1
2a9753f03bf452392bccdb605e4a03edabbd9948

SHA256
c0b8758ae97e90a738afd2b08bd316da8e9f844ed1337fb9f7f850fd81d1ccc1

SHA512
ad92a0fe4268d386d2d8a020291df6c83d5b4a029abcc73d7e306988c284ff2355ed07c378c2d9f9695e478c1bc7e95d5876fe79b203fcf452e7ec8e08ac3580

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\app_settings.png

Filesize
165B

MD5
583beecb9699cb67c8ddb4cf384ead01

SHA1
1aeb02d9391d60d7b6597e6050a2906d29db5949

SHA256
12b20cb971a1237e88bc200478a7987783a76c486adf00915a928a47b5ee136c

SHA512
d20cb233c66d0eecf876e0df494d0f42edab7833f0694d3741b0758903158232ecea5608d92aa0a16fec93e74ac3fce02a5c2fc6900f9f6681815aa5936f02b2

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\arrange.png

Filesize
242B

MD5
aa1ac56df9d29ef9618042ec79ca5d3b

SHA1
e8f9d04f009535e10b8a139adea0c442d0f043d7

SHA256
2812bc8c022da1e68431b0dfa0ec357f1db89bd40c7b7a77075e5d3f5e01b10f

SHA512
18a0506f2f64a2bda52d0debd5d0536f0c9fe088ca40a7116c2cc09b2874e671cf00e14e4743f70eda0fbda49749ad1ff67aa4547da4681c2780657cd6613042

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\back.png

Filesize
465B

MD5
bc19bbcdc0df8c345e594559c79ac19e

SHA1
1e25088c4c36cf3af8ebd091c54828595cde7065

SHA256
c33ae893834cb85194a592f03336d61aa15b81300d8a2f105ec4974e0a2a1390

SHA512
6d07b57f313e1bcd5643a4a54a64d2cc6b9a602285b8a851f8a43ec7ec2a1ddd9e4a1c4a934f348d67035ab6c4d394320d468705b4af2ef35ee0db1330874578

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\bluestackslogo.png

Filesize
9KB

MD5
baa04f9b32b648769a2d3aae2f5667f1

SHA1
606ceac28f9f8e24a447e3678a02630d1acee79a

SHA256
eb8ef7e13b5e505f58ff6afa8a6e4cdb317d0dfaa409c23bda8f823a0840b002

SHA512
fc34d8d6b1674283c851f24e404a6b2e7af50d3d934106b49eeb4d58148493d6e06107831afeebca12679243b9c5d340e8b680ab01862ca0f9f9927d304f1846

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\bookmark.png

Filesize
607B

MD5
6ad0327cc32b67510bf8c8b7303a8751

SHA1
7310d425650f4e199f9a486ff2cc15ca3cd3716e

SHA256
285c3353775a578ade4f553b0a3ea2bc66b564f9ac40ecc8ba1bcc853a028acc

SHA512
3bfb35afc29b2947f83ef5d96b1351902ee4a35cc1e3d7f7eca83a240062ae5d43d2172cd1b1c89f5e663528b563e427fbcbed0e8bf879aac6796e36b75c510f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\bookmarked.png

Filesize
482B

MD5
25d256c58b210e50965f33a4108d8c6e

SHA1
b3151294de9245af5b736e1fd3cb205d60f3690b

SHA256
c7dbe859e8c9eab539f9a69c4620f06b27fafcb358c7dba67fe8c03c717bed2b

SHA512
513f8c9168657eab5afa258768a021389d00f469c7d5d4816e21a4a88afd7c3d984c4e1719abb84f3cdb884bb5b1391f9eff35a3d8c2974d7b50a4c43d1adc01

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\bs symbol.png

Filesize
17KB

MD5
b9a3ba5afc67bd2d06c90afad3c49649

SHA1
e7ba9d288138eed554359564c827316ab028cfa6

SHA256
81db0b14386c2d6a141b89108899e492d93466116eccc1483b69b1dc7c56c278

SHA512
ec01236c4709dd557cfa9a0553930c8f25ea1b7ca38c3e6400c26b9d77b1a27af3805ec71465730f3ec025b6d90885d29885c59eb399c567b7df5a5756b1cdae

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\clearall.png

Filesize
260B

MD5
b307a7007ee638abbfed3d0758f8bb31

SHA1
d009fe0980d6b8a3cdf87ed802045ed09aa0d6b2

SHA256
ed2f3dbbdd8376a4bff319a6e81528071ac9dd898e5a4fc2835670471329cf37

SHA512
289c582b76a815725f5992f9f0e127989614f554634928a28983dd86b8a42d0eee99be37d422b009c77ccdfc808d2daa61ad22dec9f3b1e400e9ab23bf9041a0

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_button.png

Filesize
1KB

MD5
1d5c1eadf74e6c3043bf010373d08b72

SHA1
a93f798272318c5bf6c6195914228e6a6699edd3

SHA256
713e22ccc9dd0b42096ecfadb9b43cdb1cc71694da2c4d69c18d6c5ecd2defc3

SHA512
03477132cf26c2eb7ad86e9244c01eb492aeb5aa14ec23d84112a31eec6251e07373ff5d7bca339f2b53b04dfa1b0dc9403e5754c50a712deebe1a1a832a3b5e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_button_click.png

Filesize
1KB

MD5
7fa6c033651034b4cf3281917900c581

SHA1
58c8d707b27e3da4ac2d67048039be808d9d2c0a

SHA256
1d3534f89de59741993b3a8b840c8d4cb0d1184093deacae8924eb6049d5f15f

SHA512
32d847996207cd7227a3500c160067ecd19db8fa1f208f538af30cd3c636259c25d4e39e015a23bde54be4736137ca1577811c614b7350fd83503da2ed0e7b16

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_button_hover.png

Filesize
1KB

MD5
9ff025e3214b099ee687e111349a1383

SHA1
23cdf4b73b55ac91c27a28ae2d9b18d2b1382449

SHA256
ea92cd390048a54020ee42f433415d13f9a827f0f03a2d71b84abb94a7b46638

SHA512
a2f1e27f7677ed9ff91522dc955ccaebf8b1980f38a6457389f39b16a75825a94e2c09146040b20ccbf35e21e74e2fb742c366aefd324120e8aa745a2874dba3

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_cc.png

Filesize
744B

MD5
38269616c034c2e9e5953ea128067067

SHA1
f1d034a001266c3acce239b6fdeca3f337ff2dad

SHA256
7071d18ed4cdf2e2e476ad5d2b654f8ca2456e12811f5e9a95003ed124d4dba9

SHA512
f708e468acdfe417fe34729953d524c7071e5079e71778f4040f15b33b80fbcc1760ec3c3a4ee610b0d762f5e4a5e25f2587069e878af2993291265d43c0bd9e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_icon.png

Filesize
306B

MD5
28823c8e35bf75ee727a66ad12546545

SHA1
0041e6c0595202a7561308f3f8ca13091fb46f38

SHA256
ff1d745dcc896b3a0ed998598acd14e894e3cbeada25c73ce13e0bbb696f5dd7

SHA512
3d8359aa6222b980da4e545c23b6d11e5e147a2b9509e0e99a76a029dcc7ce5a9b8d16f6230420e41c8d7dbfbd0697d2f942d3e8ec159a96757673f2aa70caf3

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_notification.png

Filesize
288B

MD5
46c8bd1d7d9e25b5498c0d6f9cebdf0d

SHA1
9466084af733d0662a0ad039ebbfab10fb3c5746

SHA256
1689e1fe55e7f34d3b19910d68c8aca3d8853a0b912d886503e69509507dd99a

SHA512
a54388aec9192fdd6ce62e00bf74e8d4e911cc9bdf0632dfc8b4cf2a781ed22ffac902493cacd7667155905ed1c3a501394f8f9d5158f176b83f5f0bac775514

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\disk_cleanup_click.png

Filesize
447B

MD5
82e09c0037797efeab59d7de278120a8

SHA1
d785a6eda820255fbdff1a37935a5ee39fcb7188

SHA256
b4853669cb1194a7f58687ff39d2d4059ea0c7840f83c2bf738c0f818b091721

SHA512
204d81bc2571d12766ed2edae4decfcedc4fcb46a11ec553295ffc0450cdcca84a54cfa764d50c457410755b367fa50e237752c51a2718a648037c2277e46333

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\duplicate.png

Filesize
222B

MD5
13a01eb488543f720b7a4d420226574b

SHA1
57609b4434414c981210614a7f38dce929e229e6

SHA256
06725850cfbeff625e6c2c13554a2f5109be20790f06e688619ce6a24e609114

SHA512
81469e4a6056d5602fe77575bac3c0760750a9e1a0bae9d61768b3b7040aa1be24fd92490c0705f4783ede0b4a49f24e22c2eab91c03a9aff278acebf59dad61

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\edit_icon.png

Filesize
449B

MD5
92f45e5aa3d4abe16b2be528c69cd8ad

SHA1
8896d093be9e92d03bdeebf7fb54466404e0a812

SHA256
1fa3dd395e094974484915d7c25e7f5ae8610dc4348cd16cc2cab128d38035cf

SHA512
fed789a84a79dbdc4c7f7df35e6aa3a9d88f4ff56b9fb87387744c474a15d23cf347ee08ab8c3528b7004b7ae63922278c6609beccc8552699051f315ad8f065

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\edit_keys.png

Filesize
768B

MD5
0c0961ca11d8aa80de48937fd318d516

SHA1
e23d513acc6613ae0bf3bbc38f2a4d8e1de5650f

SHA256
9cdb0131fb4d057e95726fcc9ba617e5535d7c70a47efc7f9f48a2a468ab51c6

SHA512
1c7e979e6eb83b35e03b1d8fb1f058e042cfa611bbd2064dfc95cf74b64076e71d2d9fa8d025ae6d38e9decb2a79e547f4ee80be01b83832806d509ceec83c57

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\endstream_button_dis_click.png

Filesize
16KB

MD5
3d9e56f972bd80309e84b1a155241ea5

SHA1
f93528a5f2f9599104194527242837dfb0d43ade

SHA256
5450b69be9524ef45839caa6dbb0c93f82a301cf28047c201497016135de48e3

SHA512
0cf181379225e8330fac806e6580719de247e2fbed07a883bc3cdd67304e16a5517bad760847fd5252371158a6107436064d2a8deb1f59cbb686198206648c66

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\external_link.png

Filesize
446B

MD5
28b0e093ae08d104fa498f8f38bcc88b

SHA1
82acc5d231e97c53f48781241ed2cfe8301a060b

SHA256
2842e8963ca5deaecc1258943510b8a3992087c58c3a0dd90365a4e3cd42a077

SHA512
ad3817de40325d5b5b46f7bab1572d1fa8dc01cb72dab705c760ddf3ee1a0bc5b1ed565037a1067a5540f7437e06e5c407d5a260abcdb61d0756f8257adff3bf

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\freelook_mouse_canvas.png

Filesize
10KB

MD5
bbf3f2a2fedeb9f0ada134a1f8601c77

SHA1
a9bd65af961298763a19d05022113bfc519e2c9d

SHA256
d4fa3fa0eb9164f742b9481147209438b85da2deb2612187a7a58f8a3045907a

SHA512
e6680181c458f65e7a24850ff16e01bc7ecf2cfb2c951b2c3ab8c2a646da5bb7081f37bc3253783a0fe309ea6716afed7155dbf8e67045f86bb861b376d94b01

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\freelook_mouse_canvas_active.png

Filesize
9KB

MD5
752d61a0bebe9eb804327a1e9f1cb731

SHA1
76d1c7eb069600a228798b2f49e19eefbe1f737e

SHA256
98a3e65d4974f525da91733c39804ee625b1cd15542f0c2669855ecda6a2f098

SHA512
45d02421336c2d174f7b26deeaa5cbb246a31b4d5b3a73a8f496b3541eb8bcfbb51247e7c8fae830df5ce2e6197f3b26cbe40385f8fe3dd87eb0d2d89b88238f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\groupicon.png

Filesize
470B

MD5
fabe7437f1682ec11a2fd14987c4af41

SHA1
ff551a95b63962a5d789b3931e9a66e52bb58000

SHA256
2aca3d3869537ddb97acf5e288bd98f9dfe26cbcce477ec0791b3d3570d15fc8

SHA512
a73d1ca2ee72f1ba12962ac289cc07c0bedc1684a3036bba9c391cf6ffd92df589d613004282e9057e0ad95fcd3ec76d1b83f4ce1cca5e49d891694a79a53213

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\guidance_controls.png

Filesize
308B

MD5
e1ac7546e92d2482639d1b6672a6b132

SHA1
b9161a025c3e055c5d548ce539ef0573dca5f4c5

SHA256
8e7fbdcafdbe6e19530783d7a7902b3cd5a15fdfb32f1c1d1ca43230c91c12ba

SHA512
2c07af28c23bba0a2cde80130651644cf0e975b5860afef5bcb76d5ab6ffe1023f9fd1d7c000314ab907c377047f31b70c878f05e6a29250176da2bba358abc9

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\guidance_controls_disabled.png

Filesize
222B

MD5
cb62367f180f9bae1ef88ddfb3f584b4

SHA1
8b666841417c24d87dd1b3149a18f6841cd94087

SHA256
ac1edcd98e042584fe6fd5a49ff53c655870a0f5e93b788b50902219c88ee94d

SHA512
8fe4854645c3d0626b48fb1ee2fba9778c54e1b46b847798ab7dfb2e6bb79d4535d4b8a7087adec1c1eed222f1bdd5231fd8191000236a7d8e41c85e7d1bb53b

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\guidance_controls_icon.png

Filesize
229B

MD5
658811ba1f428288af0a53a9731322ac

SHA1
4d01d03a32c5d42930f0b89b9437a6efecd1578a

SHA256
96ab398d75747c86b2b65a1ba33102f91cfdba17dec53b43c5425530cf9f3ef8

SHA512
ccb31c564cfef236ec58c18dfa7dc219d086ca76b5ef0d0ad7f4dd4fc2b30fac737eb7b7f2818f07f9dc7e22c843eded4a6e997e4d864023bb1b7d85476390be

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\guidance_gamepad.png

Filesize
416B

MD5
b4920dbfe069354c44c1b181e3e2532b

SHA1
d2623a63a3f3d9560f4fdc712395c59be0cb115c

SHA256
df42b2067d58699704e63de1def5461d9b925f8d55c308c74fc428ccad8b33d4

SHA512
7b66d1f0d2b86f959f04cd2e96d5afea6f4fd2dd3c57341e29c24af949dc22d374382425fbacfc56ca7ff94d709244d3ed3d79f12693c47c849bb246e14869d7

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\import.png

Filesize
425B

MD5
09aedb66e4473dea2b1d47fc274473b2

SHA1
33131ec9391928e8fe29205776b48841a5eddf2e

SHA256
4cef2ef83fef14f935cdb957fbec6db58ab4a1cd31680376ffa59820b725edda

SHA512
9b5dc8a6b99da5e83365a55a9d707ada834f6005170a717341b1d7760a5cc28c71a97d32578b90a9367723c184dc8c3f59a5a766b8bb18363709d8bd3367b85f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\keymapswitch_off.png

Filesize
1KB

MD5
5e0e02d4b4b4c83a5bc518a7685058f1

SHA1
c1a5a4c9d7783a141f9ef40f29f4742a84f3fbee

SHA256
4df6521a09889402105318949fc01e4b94c075c1c2dab8806f1b4994de251f4b

SHA512
047a325c128487f3b268763be84f6cdb727ef797746a912bacbe719b2e8f14f987ce4dfa2b4114ac21331d1c06a3976b1196db29f6f8049912246ff7cfeb47e1

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\loadingCircles.gif

Filesize
160KB

MD5
56357aae59af803bcb8cbc3af1c16229

SHA1
7949774b24d4184d5cd3ca78787820330e9e4273

SHA256
fcba6fc1c0f7dcb5a13e4ddf697ed990c2984b0c9c00b3beba1c74db4a170e6a

SHA512
d18e7f4c058aeb2011f0bfa88a3ffc17f9bd40a3c67d67080ea55d0a6f3184cd524758c44c9ac27243311055d299597cadd426bc0b4f139ceb5020dde90c526b

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\macro_name_save.png

Filesize
423B

MD5
cd785a6e03b68b39bb5578b5c0891c07

SHA1
88d5aac2734a33e6979f101f8e4d5954ce6153a6

SHA256
780226b5b77378551f8b94f90d063f587f9e30aa000a68b80167ab1bd552454f

SHA512
e70efead5c4628abeda23fdac4982f7b2633b762b219179d206435fcb5bfdd04fb2189343c7a574fc4d38ef865ee551fc0bdc12d4dad433c4836baae4ffb9a10

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\macro_settings.png

Filesize
534B

MD5
ea40871faf9552d5bdc21cb637b06380

SHA1
b88d91c1acee224376f3214c7c20bfbbc17a92df

SHA256
be2034eb06cd111e98443bd2d1884d9f703834b736bbfa68235186060701baa8

SHA512
cac20166b8170f09b371059f7a334ad82eafaf8dddc035b0045db38746b4a175f00694644e653bb0b0e186d9452f50775294e2119d885343db7e60494442bd14

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\macro_stop_recording.png

Filesize
378B

MD5
867612221a76c4f61d0fe7d1f27a10c6

SHA1
9c9582ba9f41ba4a7edfb79a35eb8bc87123dd93

SHA256
b143b98fb6cd9c4bfe80275c2e46b6c940783feb04f1fcaac64f2158e2c8e01e

SHA512
4a2da5f2db865344c6aad2daa263b9615b90ea7100f7f01b0a7843d116e3940d12267a8c4e3cbb33e88f5338867eeb0570e337205e9e93028cbc3cdfb57c00ae

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\merge_macro.png

Filesize
303B

MD5
1e454c596b741d8a4a133ec56888e831

SHA1
8b3709b1d4bccc0c89121899116ccc7188dabad6

SHA256
d6a920131df25be1b148f42d9065f0d6a32cc4683ceae3bf53a805149624d973

SHA512
87ebad5095e5d6dab5f40c727a1927ef547df6909fcb98da3e0510b83d3b12d88be72811df1a3082f4259dc543b960d07fef9f541ad5756d204b50ac4d859f2b

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\mergesettings.png

Filesize
664B

MD5
1059f7b8c11254b5c2d7209e679b0279

SHA1
21f4b9d8d91994af84a2d26bc43c6594f1838868

SHA256
b4d88c4161b2a664160049f0437122eca90462231b4ada9c847619626eb9091d

SHA512
ba8f49bff293848121db57d176ae7f27ed3a696776f7f26fa7f17d556059d865af37b336170620f37020e493c71f4e6c231723cee66ce61cc8dd5f1e6a22180f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\mousezoom_canvas_active.png

Filesize
23KB

MD5
5e4889f08048018cb53a1ea620982b34

SHA1
6e5f08965c66547b63f1876e7e7d57091f23ddc1

SHA256
dae814e4c43daf46244225f2cca65cba1b2f60062af0b5db6bbe910ee0051ffe

SHA512
60e956d9d424fdedce72e1372c869c871bcd6a05cf370917838440562469893069016d7c80fcd377bcf6db20fb420cf39e9a464af88facd8dcfc9f5c8c59df30

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\mousezoom_sidebar.png

Filesize
2KB

MD5
20158bc3a62c4aa5ac3df5a279db7681

SHA1
4340a20d22edd3f7a16c7199d3dece6776051d26

SHA256
5fa6e2fe976147dcb64c66a1e20dab05a5aea0910cfc48c581cc70aab1262187

SHA512
c24ecc876befacc9750ed097762145918a643046c3219ab8d5dd5c1432d5cf9e30fe49d80a13d73756bbf125855b912424ae580c17679258f3b7fd6d88552157

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\move_icon.png

Filesize
1KB

MD5
8be2912e7821a766513c0055a4102fa7

SHA1
18a4ef7a46ac2cacc3d5a4bd3fd9575896f8e80c

SHA256
b651f4038faef05a91176f52b2122d8bd5552f4ffa91e4feca32e4521f2a0f53

SHA512
329516ca920de1bce4359cad56235a30696c9ad49b520c1596f58c29c2333b0cc21e6bf828d4f67bb301e5ab3813cc790259db506e52c8729b49fc8abec0a986

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\notification_settings.png

Filesize
528B

MD5
57e7304ba035442c4ac203d63cb9cf71

SHA1
a316a22bfb54ba1b23b318e9431bee6f3cd73b3c

SHA256
27d5df84bf13c83fee5fce20c1ace6d2ec972d1b08e070e177d6b6a9b856b996

SHA512
8985d7ea80c7d0fb0e523718d9eb35c4c5c151864db1fdfc401bc80ccced9b0b9a77ab5ff871e7cb0fed4ab2828a313d6ef126621728a1ddf66622f05d5a244e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\openfile.png

Filesize
266B

MD5
6f5b2cdf0f58018059edf54638272e70

SHA1
5bf7fce6cb4dfaad7c84aa86fdc9b41bad84c714

SHA256
fd5874b2d462cdbc9189bc1b772549a1d3a05349c0a69801b9515b7c71207eee

SHA512
9898fd20d7a16f19c77824732bdb521cdbc84a67df5b49ef90b31182dab917d343dfc063176cda230f5f9820d1438e091d04aaa9df44673801dfe00c9bc2cd46

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\outline_settings_collapse.png

Filesize
491B

MD5
489e3162f16f2a0442be8290dd448ac8

SHA1
028a754f470bd18107a113fd019c724d01e7d9d4

SHA256
84df1fe2e6a39d1eb004963f8cd3a060f9836df9d3eef93e779247d516617e9c

SHA512
e50e64d9d4beaf1befbb9e477aefd4bc7c2076081008973480fa14d70b2d54ab265e8bf0516678113fd098b5274d38bc7708602295b4d67bb191fce5a90d02a3

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\outline_settings_expand.png

Filesize
507B

MD5
4ac5492fd475a43d4d8ec32f7b57007f

SHA1
e438d8ffd0abdf7ebcc75cf9aaf47799d5ca6a26

SHA256
19955e743c8fb548070a3d99d54c07c5b63e8b874a32913c48777e59a432d53c

SHA512
4c496dc6380b023448c50324c841a7a8573152eb33026f8aae10c9144678fa9f104af16477eea7950f220b1f39599d0a638800d9c348837f70b3b94801a6181b

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\pause_title_bar.png

Filesize
317B

MD5
b69b581731fbf9a2995815ed5e760f67

SHA1
a8f1543333932a54464687d6aada7a1b1a4c4455

SHA256
bcb4e4151288bdbae1ea4641526cf4df8300b4b4066a48566c2f85dfc48c6502

SHA512
c3d98a684fb5ca3648e30777a3e36cb4cdfb757c809fff8fadb6ac8afdb5b349f8dc90e874dbc75a82a961d5e2fa44c909dd78828230e1534c587285f8854f6a

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\play_click.png

Filesize
428B

MD5
14338dca476cc36571fe9d1760f89af7

SHA1
584c261c45827c23fab26e6552c88e62e9ee405f

SHA256
fab5b6eddd2edc0fb9d5a3b4f1e815754fcbd51702815fd554f8661bbedc3deb

SHA512
b4a625fe97855117d077e663357284aa9c3c784cc5beb2c0a426cae634ccac29e3b3da7c9b707425cbedf29f95c66bbc251f3124706b15e592af742284748dea

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\playvideo.png

Filesize
1KB

MD5
fc6e9f054f2571140b209e5510fc63f7

SHA1
561fef35e8caf00b2fa20b894bc4894a2edf6aa6

SHA256
83c2758947dbf7d52367b377175a59f8e394559db5c71a526269c44d60bcbbec

SHA512
dc8a1cd0c84c7d1df1e675a189dfe945e6f1e605608219e374601d89d5b7a09e270ec090e228df2bcb97a0b42b9d5b15062d06c7af0efac1b99e2c4faeda2dd9

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\recording_macro.png

Filesize
407B

MD5
7eb9ab6cc6eeddf01f5ab4fbb2876995

SHA1
24c504025f67f40e539350c23c1dbeb986750b10

SHA256
9039cbed4fd1d08a96f6b1764afb17f4033ed8cf8f00af4167ae2dc465e838a6

SHA512
3b1e65cb5f99228a0c2323afd9239454ac773f686baecb090c32e7f81162b45cc1a80759b0696118e65e5264f354b7fca3bbbcda0d1a9d6cd5be69a61535dcc1

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\recording_macro_active.png

Filesize
530B

MD5
d0e7e12ba46b1e16e833383a10f7fee6

SHA1
1669444115062f1c712de6f6f8ec36583f2199d9

SHA256
f94d404e91afafbf4f97513f2285fe78148d7f354d9bfb787c6d9caa889f258a

SHA512
d76d11ff01438ee43944e29e4fb5aa4d7bbd8430e74b559d5b991b06854b1545ff6c2bda007e5da85b3f3f05f0e55957873f27008d43f5d345359c778fe0a03b

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\refresh.png

Filesize
739B

MD5
a2dee34881507c1ef6399c0da304cd05

SHA1
86953019c53f8ced7aeaa27d16beb9258788bfea

SHA256
11799a1ddd331b02eaa609e25a1214ad0256ebe8606630838c4478c2e7715fd8

SHA512
6e12e66c5bdc857ae342cd4b93ecdc70168e799f05f44eb1b07602d9971fff606bee104463ddab0065211c08db11cce8f9a721431d49fa679172f9af28ff8fbc

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\refresh_from_cloud.png

Filesize
1KB

MD5
3c46f08248dcd280b2587f5586e8185b

SHA1
8270e9dd7e0be7cf452d0c705286c76c883f4349

SHA256
3c4bb204fa0a786c3c80cc2acc57f591c60b62788ccd4b301ca83a93cfcb4019

SHA512
9141eb2799eb54d99a5c57693e194bf4d977fbcafd30fc70ae3cf216dd460747ee1dacddfa130c4fecea8773615d2bd9802cc91654100416f17232da37f2cfb7

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\removeitem.png

Filesize
587B

MD5
558ee24f79d049b20545d3498899f685

SHA1
3722fb8b4f3a68c4cdef6377d77b2a21e3d713bb

SHA256
37ee01768fa943c8ab564ae8093acb0002e0f7cf97e8786a0b6d47dc1ddd0380

SHA512
b5fc560f43508bc43d6b95206ebaa0d30897941412afd7e75571673a1387834fc14d2446f7f132b5e8c34e5078c25e7ff645829313831ea804c6f031b8edd37a

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\resize_icon.png

Filesize
722B

MD5
0091e5b37906d47da76945ac14bdbcbb

SHA1
657ee0e1346cfebd39ce2c85c7c12731fc1873af

SHA256
9dda96937f725624567908c1fe1059ab03a4b0b3e5f9fd3697883ded3a0e851b

SHA512
bf61611c4cf30d6521a09ab108a7bb3120d7eea75c0eed840dae846f69957958b8c8ab85d956c36ef16be5ea99613d98afdfb098551e1197f235ceb0a6a6e1d6

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\save.png

Filesize
759B

MD5
a3e3dddf9d7227b6ec8b4ad2d23a2b15

SHA1
70a7f9ae44acadb4a07c91f73ab6e5717d709dde

SHA256
5a75a2b4b17074f5b4db3e3bc971dd1943022f8874251828abc80d6cc91a9aa5

SHA512
cb6f10e6747bb955aac5185ac6b510bd4d264936a53336771b9cbc3e630f15e7772b4dcc2397d736f3f8806d9eea6dcd15ccf186159c3ab9793c18547475a456

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\screen recording.png

Filesize
412B

MD5
c8eb8f00c79e6bd3ed223d3859fdf9f5

SHA1
86a694169e2eeb7069323c24c81aa61919f2b222

SHA256
b28496f10b300629de0ad40a80d339de6b406664a5718414f03cf6d02a83d251

SHA512
eae725da8790471d83ba0a1851bf5581968adb22e32f60cca0e34c1255b9bdb2442451ce857ce6af09cff925091f538fe1a942648c21c5b701b4a65fc1cc6cee

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\screen recordingRunning.png

Filesize
677B

MD5
0bc737f54c32670f8a8fa427b944ddce

SHA1
b530733279ab8843528fd8fc82c2ac6ef5c97312

SHA256
0cdc6e84cc27484bf5823ce5e6ad02feb1658dbc21446f97f38ad76dd992245c

SHA512
85c8911e70849308955c830c5db0fa931e162207353866c82115ed083e03c64d8d0895770230e78aea17f79ba7cf46098a363205b672b1b8b3564f79049b60d8

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\snooze.png

Filesize
582B

MD5
e07ff0b9523f4bea89ee67f64b214338

SHA1
d4406bba9667668026ff2ffb6375aa625df6916b

SHA256
4df98ffd0f12a0ce1621d2e28a0fcbad70326fc2dfb66008b6de8892d5e3c15d

SHA512
d58ba9cc11d98d8f91f4ff82076f8c6133b47b3eec1a46117a4c86469b9551ac3ef1afaf60e4c1212899f4b0cf4d0cf740dadbefda4ac5a9a51a1af674128823

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\snooze_notification.png

Filesize
485B

MD5
6d7ad35bf5165d8ad2b90508f0528153

SHA1
b2f9f33aef35ff90a86835ddc9e5928eb0a38359

SHA256
1add31c3e4c677af5a392982340add8367df8cb0ac44da72ec1717c09bc8ee7b

SHA512
a4125211d53124ee9cc549fc362ad3473eafdf9d6fa4e320de745188d36693bdc9a65d6771a9e39623ffe922e66ad8bf3bca0424b38c3f063087abbae6bd86f1

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\tap_setting_icon.png

Filesize
1KB

MD5
19299a51585219e4ab137708d9e5d4ed

SHA1
14e4509c74e8875318bef1d75d9530692fee50c5

SHA256
ef2b993f053dbc9560f5337503494da07305ef23aaf2118c2443b72a2bd1851e

SHA512
c3239989b4721cf19ed8b754fa77feb8458eec5f607ee417b691df855f9f842a1009e74b41a52522cc427ae1db0f377acc8743d2686d092491d0b79277db209b

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\ungroupicon.png

Filesize
456B

MD5
1d8a58bdb708d0258d5b8dd81c30d218

SHA1
6ca8499285a755de06aa277734b96a3cd83bf3fb

SHA256
735203ec7a7ae42ab4cc86407b20c4414ef1e7ace0b8bb29eca628f07cbbd464

SHA512
fe13a85e943967f3ea528f8f2d4c3b3a10c20815799ed3ed162143ba907ccbaeef664a84088fd63f3725442300be7630913b247e52467ee389f9572121ec72c5

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\utc_converter_close.png

Filesize
531B

MD5
96f467f7a079d2a3db9309887ea81bd2

SHA1
69179189f7db35c7cc75239b38df4fd52ff62078

SHA256
d3b87160b0c45de55665b0f4632cc1fdf0ba2dfc17c9db4e1575d90818705c29

SHA512
e1b8371820732c69807770fd966608571d67bf590c3ed717457deef23651561f551a5824ca29328dfc5fe9ad2c18b64d24d5725c91bb99521da0cd4c924a2186

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\volume_switch_off.png

Filesize
1KB

MD5
a872b83cab9c58dabb9d14b010fc0b0d

SHA1
a98bde1ceb88d8171f68b49f9abe46892a044f83

SHA256
b38ebb3da01288bec24dc8d0086842e4b89d000b69f741af0c3d388b0d128700

SHA512
b92c54ed200c44c831367321b388ccb7042ae8f206d95ca5882859ca830a655d8cda84ff6f386c4ef321862d6a36966b161033ac2810de4d90e7374772de5da2

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\warning_hover.png

Filesize
853B

MD5
fde74217a0c64e5d30cb33de16e7ca23

SHA1
3c23517b3ab4b0ee12964161dcc5144ea4144cf2

SHA256
d6d431d75e1f66eac63d2b97123a09823af24f1384733e4ddd0c8b94a8d798a9

SHA512
32d65d811b8c252fe75b94939c3b2eacef57c545792cafd04d5ae44471b60aa710313c47b0ab1bb12bc51b688c2332c0be6f742ccc01453747ac51b6705c5b7a

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\Announcements\1223234919_ScheduledPing.Exe

Filesize
2.0MB

MD5
7ee5d5f4c8c16cbc3b850941106d9633

SHA1
9cb356cac3f4658fa6df9895f2a113e3dc5803e6

SHA256
4c067a4fd783d289f7bd529e0d417945fac6d0ab01f1c145b369aa726d40624f

SHA512
a69cf7e8764603e362a3fdec8939c4aeb3aa414a7c2f5847bcadc76bc1841480969244978b85d5d19d8a17d02c34500ae7d7ee23ae2e43008c1b7e08e4b7b6a7

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\Gadget\help_center.png

Filesize
26KB

MD5
f43be024db811e2a70962beb3495b77a

SHA1
6b10b34a4b6b391aa68acb32100dafddf4af6a38

SHA256
e576177adf47d0d25a7d20bd53040917e49e9726823dd3f058284326963ac592

SHA512
362d5f9d785444f9b667d257f48a45ff260a2bfcef731618746324d8b5bb245f26043fd0ab576bba32ae2df66753a9ca67aa22aebcad62a2b4268a64d5435857

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\Gadget\req_trans.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\Gadget\requirements.json

Filesize
4B

MD5
fdaf133263369980df600fd06ce738ec

SHA1
a0b6262ba8cbcec6ff4deaf819c552474b6f8f2f

SHA256
5cada29124805d8e0454dc5b67225bbf87075cffd53418e9c56f674708220e2c

SHA512
890f0df02a824ef9c2cb3c7f9e63ce74846524d8a6c6ad0c6e17237fae087548fc40cde6c54dcd1e4b780c0f05930a6c0ef042b8036f076a0983bf5259fb6056

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.activision.callofduty.shooter_mac17.cfg

Filesize
149KB

MD5
8e1cd90f17d34ceffe4b0b4941237bfd

SHA1
71f69bc6e738cd4bc6ec41e87cc3ffd62da07be8

SHA256
6bb105757981bbacfa4531cd6b90c2900179b62c97efb454b542a8e056e9de04

SHA512
266942a4798d5fea8c3d0205526b6cd82ba65c7e7debe86fd10708709b8dbaf375c052a9cc8c684c132992c08bb2b613a91748510fe6cf81b64e25dff885220e

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.diandian.legendofhonourkr.cfg

Filesize
10KB

MD5
d5f51f3556e6592bf4419a7c0aa2da0f

SHA1
c54b69931b886598f1a16b433b885b00e8b8af23

SHA256
a6e96edbae293953272a98c1ed9a9dbf7da42a94d99e511e9f5ab93dda2d068d

SHA512
6c790ef6543cb08fc1d27a1302058d2c4f8385cbca653227fe0f4d77e2a64d3f8a320010cf128e8f0a7ca32de83ad9c387d7d426adc26af1fb911d467b8266a5

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.dts.freefireth_bgp23000.cfg

Filesize
124KB

MD5
3293896d5615577e632959e3ca6f4dad

SHA1
24dd1ec260f28941370993d228a2e2d7a146d809

SHA256
de6a4701a31b810ad88f263a3b5840aa08d322464d1780e37f5b8aa895c82059

SHA512
dcec9ebe867f232082a422a98092be12dbb08f34b763cc81eb183c1da2125ae8ece0d7888b12ae27326c876539b8080adeb05f6e4887533c3392c3bacef88319

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.dts.freefireth_mac23010.cfg

Filesize
124KB

MD5
7e7ae38ad25ebccb5c4a12f6158c843d

SHA1
bc6fea064da876100f60fc6082b8e13ca7a7a4e3

SHA256
3e851988022075601f8b3a1fc255c7ff1505987de159f73e53824151ef2bc1a3

SHA512
780dfb87a6850c56d019b5e75a7ece61ab484e939380666004689afeee82fb592cf7666ab6722560e9f8fa41cea393fe551013b1a86e1a51c61fad5c1d1d55ae

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.ea.gp.simsmobile.cfg

Filesize
2KB

MD5
390c619d4e0d624360c253556d9b10a9

SHA1
da0d73147fe03f7618785115520318663f25ef93

SHA256
6aad8ed62ca50c98bd95f67dbe20f1797f9a3a6f70e2c3c85d01723cd1a10da4

SHA512
5c84dd8610a901a2c45e026ebc3457368ce279d647123f8cb986090f168306958e2e56f51fa6f1e89678c9b6e07c52a4f2113a101eb578e288d73d099a69e3fc

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.garena.game.kgtw.cfg

Filesize
32KB

MD5
91f47bf05da9e03f616e7164988019bb

SHA1
81ccbb739123f4a0984d8968989036efe27e1739

SHA256
7a8bd825781732091842b27685ae6b68f954535ed9732c8c8624b1245edc24e3

SHA512
2a9894d90c5a13bf58d0189c0f0b5470a9ebc6d2108e0fbc5adcf1b79fda557f40f23ff43ea0bf4380a6dcc538018082cf5fd05fc2e62c64eeefdd813dbe81c3

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.gotgl.kr.cfg

Filesize
13KB

MD5
f654f7ffae08df01df13ca5a4414eda1

SHA1
f547a0d7c38c20304dc49f56972d042f86b0cfb4

SHA256
369f05b655da2ec8996a1556952b7b2ae0a5fbea8b8d47918a421dffc38a899e

SHA512
1f2e2d17b4857d0475b3d46c7d8cc57cbd84134eb86b1df07bcdd4e327dfef2d7643b833aadc5d4693fdb68e9373b3b9feac1e4b5b7c7d951a9f2e81239550a2

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.heroesofchaos.ggplay.koramgame.ru.cfg

Filesize
5KB

MD5
9be971cd126fc550b8d7b38364ea534d

SHA1
7acd277f59621cf84ff63097974d9c6a512b010e

SHA256
95083501e00735ee46c9b064637d3580bc72847bc23784bf1132c4a919756ec0

SHA512
411a1fef513a06b7c087496d1cb41b6f1a91760bc01d5527bcbe73676afe74fda370bdc24934893166ce8a38ef8caa88ef955b45492f9abd6c230a9ad7d7cd0c

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.igg.castleclash_fr.cfg

Filesize
2KB

MD5
9346c5858c1e1ce56cd918e9cc2831aa

SHA1
ecaa89358e7f8a8f21ab7bbe2cfeaffff564346b

SHA256
d417b9c7b8f304665c97f89a6a87f7a4624c9a3068ccc64065fdbeb7598d2ab8

SHA512
3e83f64522c5ea2ffde8de5a93fc9b0083bf69c99d39fee6020edf7b0939647566903ceb82fb33a665e25f7d40b1434b100cf876a3248baa82d55e2b8aba8d13

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.igg.castleclash_pt.cfg

Filesize
2KB

MD5
55597330ce6c2225b7cc1294158dc3ce

SHA1
f308a5ada00e3d62e713e1b872663842fa97e6f6

SHA256
a024e38ee01bd842a02a26b515c0f7f0a0495ffeddb8eba5b150a2e9e28f5917

SHA512
f903ad3d6b26536aba872397b554960913bc71432c46fd1814dd4c9f8d1a4602e50f02f096ef00b49fde0487a6cad6370e97f842adfa055f12d626e26723db2d

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.kingsgroup.ss.tw.cfg

Filesize
19KB

MD5
8843d743cb7930382f3403538c1b0050

SHA1
c16104598d93fe0c6a2e87b8d79912e64c1a0979

SHA256
51488378946fc8a5e624c52640d8ae85967f4c404239add50c4db77ea209ac3d

SHA512
8d7055a57e0179c426b014fa2e578c3fcdd4ec406f606044336c67c637320f478819df2e0e648f2e96ac00064087e00f7b01d0c984ace238d80bd9d397752f3d

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgame.hgame.gp.kr.cfg

Filesize
13KB

MD5
3933efda00c6f527523c1af1ef898bc6

SHA1
f3091bc3304832fcc66ef57aa2378c0449fad87f

SHA256
866116a61f91b3043b4269220d9691bad14172be402370d99851f1c92f25917b

SHA512
b7abb84ddfacd8d5ae78dede2f297ca7f824b59d9a8f1b0127c4398af5c6171a002eeb5b55fe4a2476c7260e54bbab2cb47016a9771d2b380bf1397ca3dcbf7a

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gp.jp.cfg

Filesize
17KB

MD5
defdd1db24cf07646e2683679da30a73

SHA1
e13525247adea8979ae0b97d74415b1a2a12fdbd

SHA256
4d38875de42daaaf9f42719a2cce7116a448843954a36d665834b26fc07103c8

SHA512
7629236618faa614969f5adc87c30217fb26e8d463b377c75d3c06dd9c4a836df3b22e632d2fdd1a857a5b8273b841b8507535785a15b968828eef261d53f66c

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gp.jp_220.cfg

Filesize
17KB

MD5
0793614a8407633c07c1198b3129359a

SHA1
42c3fc8c9220dbb19f161b1299c59a351ab68875

SHA256
8717aa2be993a67fee174d6247aeb9b56344f82ea868e2fdd5c98036d7334203

SHA512
00f93582a5eca280a24d615f8326faf54281b4fcd950028dd99291b470b16cba4608746a1fcf3e2274183bac049e1a908de5d1473a862a639af2c9fcf455d356

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_230.cfg

Filesize
17KB

MD5
5673f49b223fcea9ac40f2ed8435dfe5

SHA1
584e8bbc013c26227fb9d72436a55c14d1dcd668

SHA256
46172f6acba1ace855c1b959335827ba043a376db3dacbb75cd90d0755805c73

SHA512
71fc348dc5d0415f90400c0bbe0833cb74d884201ad851cb73e9ebee57082ac678bf6bdd3a2bad6e40512ee8511a1b45712bac4c23bbb6e441ce01456fc8608b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.miHoYo.bh3tw.cfg

Filesize
8KB

MD5
80464c1dc6cdbbd96b434fc98c6b3f79

SHA1
3180e61de5b6a4c0441d1a44f8e47625096165e7

SHA256
38b3e985ced7021182d65ea8b0f027924fe5cf1f1fa0fa648fdcaf1fee29b929

SHA512
612e8c11ea515dfa3ee5dd6eef7bd9fdbd29b082d23cbf9e5b2bf200f5b9cc21ae416e2d46091d1ace6e5cb4b29ea6ab99b1523a020255253127ae8342c18a1b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.nexon.v4krteen.cfg

Filesize
17KB

MD5
97fad2699aab9a2f2c26bce53d6cbbfb

SHA1
4448e1c12df1a4dc905bac09f6b440df8f6e9efb

SHA256
a86f403ff56b8ff3f3593be3504090b18b475b6a33eedb9c8d117c40a0d8710f

SHA512
8a57bc6490bb269ecfb5e89cac6d95086dd5e69fd1eeef0a828c67af26c9a61f6cec17219526612c089f3169be94573b681988b725531ab6a94ab767f91b1b71

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.pwrd.pwmru.cfg

Filesize
16KB

MD5
1920200604b372fd4fd594f94a7ae849

SHA1
0ea4fc70c3ccc88a17ec1415daf9bd7637d5eedd

SHA256
586d48fdce171aa9ca55aa3b261d4bf4bc6b6d66a22d6d3e06dbca363c2d47f6

SHA512
457e925b961d4fb9b124c7aefeaf5e1d5243ae55e548524a9351ab42581351936aa9c45c90c7ac8572b70274a122fa2c72fff40861092815d70cd9d6745afae2

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tencent.ig_205.cfg

Filesize
85KB

MD5
f64430d4fd2f24c8b80f7efe859a5894

SHA1
398111dd06e4041e17d3cb5d107a66a91b988619

SHA256
e7082e356b5e29488ee19b0718a0a424ef4bf426aea7a5e00cd81774b2fc1863

SHA512
9321a87cb2f72cf1f38dd9daffddeb016a2cfdce660966b74936f3fe59a6571cbd74356641b6aca3cbc8cbd41d00fcf1046eaab5d5a4d49b8d59e7eaea38fa7c

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tencent.tmgp.kr.codm_240.cfg

Filesize
179KB

MD5
9fc1e6272d596e13a5f8c38bb3386756

SHA1
cef8a8d3a49aa68aa8045e43ae6390c7c344e969

SHA256
c08ab9122c421f1dbe54bcb9a2750ebbc3f430e6c3dcd7f79862c2fd8df3cfcf

SHA512
02436e600098efc1439a77bbf752639bb234d858e6af3126ad5a33697dd33057988957bb7f25273e175ad907abc74853563a2e9a3d83b2533a45f6ffc44f992b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tencent.tmgp.ssksea.cfg

Filesize
11KB

MD5
6b158d56f8714987a8fcacc66f184d75

SHA1
4f9f0fadd1590978edd81b71748d62dc0745e253

SHA256
a0497961c46426106d8f027c7576029b018c6efc58effbc40866e56952a56be4

SHA512
e0f73a1481d19ab0c104a3408ef766ce66786d77c84eede4eb0d6b512fec3989156d2c5ccba2585a5f9228251e32f2f1e7892e29d8e10cc41da7bd9653357460

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tinyco.familyguy.cfg

Filesize
2KB

MD5
4d35806934f0d246822e3efdb2cbb49d

SHA1
580b93f0c59fed4c166793d0f9166b26c9e31e12

SHA256
9e07436abb891b22fe6b05bed5f072eb540603111a29fa548df40ee40378fb5c

SHA512
7054d8729cb340de6bb212e573c13f12531fbe9f6e776841af3d7b36b7fb7c342fe953ef815918c9aa9b07bac614b688bd1d9e87a937026e0e56f60d44df8007

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.vng.pubgmobile.cfg

Filesize
68KB

MD5
5f991cd4e3e10f300a705ae3dfeaea3d

SHA1
02b39cdd57b7e984fda4b5e81e32c4542219abd8

SHA256
12f20a6d9fd993e332f776fbad981681799c8120d2b2f84c1aabfa7b0b520bd8

SHA512
a8d964c0643b6606b7867144bac71e3f2f8dae7bb98eafda81f5bc35d19c80b2b53606fa4c01a0294f14b5b1075e89d64a5354e645914a90bee38837b5a1559f

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.vng.snkallstarTH.cfg

Filesize
13KB

MD5
098616c87ae5ea3e240d7a4cfda1f99e

SHA1
eca8515180917c65906b7c8b3c4915b9cb0fd60f

SHA256
b0f2f07a118d3602bdb91fa5df065afd850429e6b2c4e5443da71d61544dd2ad

SHA512
a5bb13c9ba510f29115d7e9a0fc4f77fd4599fd257b6120ac9785afd896933dc48ac9399a5a1c8f664db24d664dc28c43831832a9dce8b3125a3010b5496bc3f

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.xlegend.aurakingdom2.jp.cfg

Filesize
10KB

MD5
8bc4f726298c29f4486ea829f5360bd9

SHA1
829ed57dac229c64287a42fc9720ebccb76a8672

SHA256
90600a509b9e128784a35b20f2fec1e40b934e849e8798a4ec528b89016eb6df

SHA512
be471dc31916d1842acdedbc47689786d3e4ea85ce50d3588b22563bb415468bb58d0f6dd2d5c56f5e1d6a5efcaa3f9afacfe496fc76e704a6099292b3054921

Download Submit
C:\ProgramData\BlueStacks\Locales\ProblemCategories\ReportProblemCategories.Json

Filesize
4KB

MD5
9e1141a44519e9359739464310857bf8

SHA1
abb797ee7b512c77741978330292287d9c0d92e4

SHA256
42d8b6964164aa0e53cd0d5b7c59541bfca32b04f54b3a3cb07d9080eb60bf0f

SHA512
caced755aee6096103a067648ab069d517769bf4e89634cb0c96f00d264af786dc1e236f09652cb161c62c48df5fc30504025d0dddde709a05c87497dbc0daa2

Download Submit
C:\ProgramData\BlueStacks\Locales\i18n.ar-IL.txt

Filesize
165KB

MD5
cd2467d6bfb059e33e43a7509ffd5a1d

SHA1
e0a48a170d49c9e0753064e7b1339da5fef40a6e

SHA256
7bc24e1c55a528a7bfcf65f1a9a596446e5d01d2c7aea44bcd24acedcf56473d

SHA512
d3df4b3074ef4ad5c90c48c503d8292987ef44a85626523b179c8c0ff0fa548bfa0b580efc145993943d2f2e16ee886afcd9095ebd8d22e4e87dabe59a864272

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\BlueStacks-Installer_2024-7-15_15-46-26.log

Filesize
199KB

MD5
166443328450fc5d22d4e608e1783c14

SHA1
8edc00cd3dfe5546c29fd2cbc3aa7c23cbbdea3e

SHA256
654e7701e0ad6b04737d0c3b93a889b963773322762eca34af930cdba78639a4

SHA512
4f194b25ef60883fc1f91a49cc9a7d3598c25f117cda7a36027c5930d53bcda7e75b2ffed203fe90f8259c3abbe4b231543679d2a708b9235e82ad2ba403214c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
1dcf7a3e340f94ef57449b9d777f1cfb

SHA1
1872ce52d59bc179e52464c5d3b78907cb45bb5b

SHA256
8dfdc3cd508181aef5cd59c733c8321421af7b3007fa59dee64d88b4d85b3d6d

SHA512
55a28105284d6212c9a39d3a2bde2249be6db12b47d0113347a6c7900b0177369dc26599fa7a69016612f5497e59f41e4769af631ab8833cdf4546b64c5e169a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
16a7459ab9a82807236f099cc4ce1b03

SHA1
8273da718e145ba83ba442379ae203ca861938bd

SHA256
9e650910c430d4aa10edda75a8d92e2540afdadddcf24521faf32cb7879c2bf7

SHA512
db98aada8caac965422b0bd22dacfa0f6ba9f130205741cceb11c23250a8c8c030594a20138b3c4d6ca639184983add0dc9d25535a949e05be9c43114f57df65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1a11c05a3a7e24e1a434d5b64eeef7d9

SHA1
81e38ea74797aa79999ca33674cd9150e6376d1f

SHA256
e5db12d0a051c4ad74dfa066999bb9ab664b0d4478ed17a27cd39817e2a96cc4

SHA512
11798db448eeea1ed3b0dbed720b380c5619eeea7cab17f3d862949ce649a9a948bd24c399e4798a227c7c14017f9904dfe6cb18df1c32940d37ceb21f1a7771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7c5497071018f1e61ad1da36917e6a79

SHA1
04c3fcaac640085a80853a4565833089cec49a1c

SHA256
774b5c5150278f371059e84bb190f59a6c39665cb06068020ec16945bd3f132d

SHA512
a2f43e1956c114e1f713e1a567db747df471bd76b51d86aeafb58d808488661aa8829340358dff167724f175b458d45fec735d07478cf8528a2081fb7801e7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2bfd8b8617e11ff591d95e029d297e1b

SHA1
917b313ddec7557e4affd0030e917a789006a934

SHA256
cc54c356c4f5065b56156d04bd5ed69a5b762c12dee7eabc8c8de2fa410bda2a

SHA512
2acfbaf3ec3d7bf5938b59771b1f16e37782c3707fe0ca5660261f7e702fa8217b8c89227c75367618a712115f70ef9b6759ed9151cdda374ff715fa9449d41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33c1efc8b766097533bb2a9d4a1d885d

SHA1
c9fd3ed1d420bed345f66444bbfbb02ebd5ba178

SHA256
6455bc84104047a40dc2dc432809c2fc658dc5d89761d91dc75ce0b01ae8a444

SHA512
1ea9a4298f884ad849518fd866f77ea2a4fa0bf972c31d8fe5bce9af3e0e31732e89b66c692eadbec1beea7706335413bdc19f6e596742fdb18bfd2df4df96fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65ce8f65d58255a82c7080e69e84db4c

SHA1
6f68bc151940ea84a70a6d76157489ac7dac6785

SHA256
e811d2ec25038bf743b90df837bed1ddaadc250346d3b62f5cdff8b0d6488da8

SHA512
5b5e40397f5e6b3890e828fe7ecf0a7e11e6630eea9fa1219a057021a7203accd3291e7b7246796b63db1f4d98c106699257ef0dcd4bd4296220f8c07251daf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9d91e4ce8d9747c39bd1c999e0307d7

SHA1
209c0282caab5412f9b4a0eb15ab9ca625b1c057

SHA256
22e76c694f40124b378a53006ca0e2fabbed3941aa6f257c7d74985f1363c973

SHA512
3125120c1787f1c4a9bf19c7fc72813a08f15f23066a8d94ba7a0e067a7b4f221fcc122da145ed96d4150857f55a4b7cb8e6b372855f2bd1b83d0e24a4ebb96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
143038c4aeb15b5282148d951e1414b5

SHA1
5f82766bc718ee3d22c32a6cec4b54246f5f86de

SHA256
005b31c879f663313565e418da4936b853043222ab924ad886fb341590fdb34d

SHA512
4997988ad03c2e9b443d6ce99dc772f848f874f5f8d724e1cc8a762d448022688df744a8daa14d0d87ffdcc9d5c1788403eebbb2da26af0ade1640ede4876f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f14fd52527548dd9e9d86a985093197

SHA1
06976e083414ffd4860599f7fbc3b436ab1b531d

SHA256
97a58138c2c4a03cfeeca77a9d23d771dcc1052fc4cf41de2152d767dbaec372

SHA512
e895258b598d113462e3a240dc2b0a046ad409eb9190aa96dbcdc501e49e8384fed76e1a97b86cfc650a2e12d05684d0fcc0c280c5919889845b66419e1f4404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66c9db169ad1bb1296f3b862edb01a56

SHA1
8ee65e195772f7561ad877a8c871f2da4a440ab5

SHA256
3ac9931011178208228226fda2df895c5ea6981518a04e3e88bb513adc7f7e96

SHA512
6652dad4852a6b1088d72fb758db5765bd408d064b2fce151d8e3c4d81012ee1f66d677877cda93c2d0e0ac17f77d2f064b93a0e24ab1f5dc85c99f94c426ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG903E.tmp

Filesize
2KB

MD5
c82c8e2e7edc2c2559c4b4947d6b2958

SHA1
c6babc0306ac15f5662839d9977235deee10be78

SHA256
1968c31518807c8077114cdcd9ca440a7b51984fb9d1381dbd602daa31f4f917

SHA512
6f5eeedcffcb259113f455078bdfa2353203efa681cef2d8d37f2eaf1c1fb46ea66085f7d5eba4839c66bc10cae56cd95228ebe9e54bfbd9aa0b38554577941a

Download Submit
C:\Users\Admin\AppData\Local\Temp\REGF021.tmp

Filesize
31KB

MD5
ae8957dfb15f743eb657d44effbdb4d3

SHA1
4d315831442445b7329964bc304dbfb28b7a44ec

SHA256
805e423b175d5e81d5f78441dd9cb9d36cf9d203a208a2573a42a6c98d3252ab

SHA512
0979e3ba34e4507a7cb7f291960f491601205f719ba994ac7b1baa66a482be8599d78874cb81a71effd1edff6929d9d7704930bc704d338781eeac65d70e89f2

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\7zr.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\Mouse_cursor.png

Filesize
4KB

MD5
e2c6fdc85367cb70763857037314bf6a

SHA1
b4bd4805bcf028ddedb7245d1d5023a98b5aa315

SHA256
0ada5e19ac44f28b67c53a9e1ee238463f733a489bb0d043859c82e965614af4

SHA512
07bcc7a9319d23f351ea9061a15373da011ec12220af78660188a9e9c386c518860ecb43dc51127218901b0b4dd09dd5b502c1c8f984ad4dd239eeefe1efacc1

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\State_canvas_active.png

Filesize
4KB

MD5
f2737f2d7642219398a511e00f2823a8

SHA1
890feadb31915381fe8c959011a4fad8842e0bbf

SHA256
d9e4c1b2d4d0fda42ca2eca37351a84ad5dc4e22e405644c5e8865b96db43ad0

SHA512
6710261ad2b704de2fe9fcd0a2a569639b180dbd90a7838c40d5d9f1b94adf114f98ccadcc80841a16dcd3b3412bef7e353111c5a1ca20df38c8a03ed87c52ef

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\backicon.png

Filesize
2KB

MD5
fe2c44d8eee03c4b8fd6ae0bf750145e

SHA1
4572f4407700ae75d634ade2855eac1081c07550

SHA256
b2123fce1b446e29509c04879ea7e9387efe676492b2308946313d349d5e652a

SHA512
08bef4d893b68c329430b901c42efb1cbe76a079213869a1a99dedc32ed96adb737bffb83f3bd2c0b77c0ffa4feb45a3b3d531cef0e55e2345666f1967af4b60

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\bgpcheckbox_click.png

Filesize
176B

MD5
86852b8d52fcab9b23e5ecd2345cb28b

SHA1
902805a9080bf9a2dff8ea69d228ca8216853407

SHA256
c0f7f6b9b95a5463258916afd1337e2ca49a8c69a20e843c629db8065a00e68b

SHA512
476a90a0714701702ccc59ac0b1555d7a75f7665e6067422fcf389195f625ca5b308627059c0dbb786565a773ce643737923456b176a5e77f210173248d19585

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\checked_gray.png

Filesize
2KB

MD5
9f074b5eed5e579cd2f8da23ce1a0390

SHA1
10a15003a85ea94e729c58b7d17a230daf069344

SHA256
098c6fc2f5fae6098299215e33f86654a211ccdd89bc697ff989691b84c7bb91

SHA512
a963d08104d981136d2c3ca11ee8f4343d4b26decd58a5f25d4da19d4690b283783ed63e2a409ed3d57d78383016b59a6785a34c5a789ba5db05a4b6697700e4

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\close_themedisabled.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\collapse_hover.png

Filesize
362B

MD5
68c072e8aabe82847a71e16e67f385c7

SHA1
807cbda180a12fe8bca35121f0de5caa0f3478c5

SHA256
b03e51a5c7efd136df2abb5d3951cbd6b23d94fffc49c6b874d26d92b33bda3f

SHA512
c28b324636524b2759b60224cd47f8048cc0d34b5b0419154e13c328121209d2ff249b2f5f9a5c3a8259a90f814758a2e6923ad3a5382af91b2c993b2f46e71d

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\community_macro_hover.png

Filesize
878B

MD5
dd0e78fe679c83de3615d528e94c8349

SHA1
cba3ea57dff18be49b4e7a06877bbe7df4f9b526

SHA256
10251657ccbf320a64f1459df0958dde2b795d074dfdf56e163559691440267b

SHA512
e4fe351eacd447070eb6457f945aa330c56e7a04ded5b5ce2562827ef15d7cce6b566d0d64759c457089868e5a66ab0b68e18859d63d574efbe58a9de4979bec

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\custom.png

Filesize
2KB

MD5
90e44c76898901d97ef4e1e977703db8

SHA1
ee4033ab335b591b3e348513439ace26df79491e

SHA256
9cf42314009a3c6f921906a687c2fc0e188148596589eda6aff55d2e2fa4b8a4

SHA512
1b5160696a139f22d68c379f44747003e290efdfafe3b46284ce23ab8ff0087952a4226ba500765dfcfd152a209d017130485f8d7ed07903b04cc892f2797ccc

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\delete_icon.png

Filesize
327B

MD5
401e09c16308cec53665b47cfec88d04

SHA1
9f74de57ba786221cbcd9219199c769754103ff2

SHA256
428007be308e2ede2e18d5533fd1e7dcef22956972c5a6a2061a816c3a9f24ea

SHA512
51a81aeb8f2a906ccb8a15cc6341d790d2dacf08ce078f14de2c30e931c1463a6b05bfe0fb86e1401188923f15c64cc5cac9b4c43b5fe382ef4f625ab5bec9f4

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\error_icon.png

Filesize
1KB

MD5
dab2c4538a83422b5deae0e0de9b7a30

SHA1
78c2ab2271aa4020df1e0289bc3c1ba9a43fd424

SHA256
666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89

SHA512
24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\exit_close_hover.png

Filesize
447B

MD5
811b8372e36c83b5afa8881cfefe1693

SHA1
dd30b446490a9db7e9089816ba92560c4a76b12f

SHA256
5674b440c16fd138d6a5b9bee0adf1399bdea98e15c3fec32cb90b6be3487748

SHA512
f7d5cc6b97ddd98035ee023a2736b45e3de5e77f42f97132f9d4585d03203338c2f625f6016294a747ba3f98e6e2c2b79711b9b2c8851be0bb7db8479e6734a5

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\expand_hover.png

Filesize
408B

MD5
9a792a44d59738e73eb43cb8090da07a

SHA1
8e52d33293856d25ef412cd151b646f8dd4c3adb

SHA256
13c1f6191a0dc09ae3d664d6db525ad2b5c2fbe908b9ac6893fd4ec8a6d47ce7

SHA512
85bd62ba7044e438f678cb1a2d81e1d622c27e89a16a1c5bb90a5c51884b524bf1004245d6398178e375ea9d4db946f7de158b1ebcf6811a8d9989121bfb11c7

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\installer_bg.png

Filesize
1007KB

MD5
064a1abdbf6c2aa9352620bc16cf2bc9

SHA1
338cbc0c011b0d3cc53745cb7d6da7cf209ce3a7

SHA256
cba3403a2c24529d2da717d0b3f31f5bfa5932f2c81e58377239dcfc326023ec

SHA512
6d8da564e0bb574b1ede3d937bcc1305e7eb9cb7a3fa25ee4a6c257bf72b8ff1ca1d77d1a304bf234ee4da5539b03c101706a57f8192efab8dcccefcc780ade7

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\installer_logo.png

Filesize
5KB

MD5
da9d74ff48f1af973fc5ab46fca8a7c9

SHA1
6a5caa94a8f4876896b8426c2a6456fea148c930

SHA256
9f46c6598f0d72b22cbc3ea16d9157113af3ec66feef8fe32a700e129622556e

SHA512
15f153d6b55eb6941605812c053c7d886a15257281250fb9fddab1ec8fe932fc9325e6e651f2ea01602ecfd901dfa91516d9f05056bbf399e7c0fd408b4e7a39

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\macro_delete_hover.png

Filesize
332B

MD5
c6baed75b85d538498c0c5b6a8b6ccb3

SHA1
a8bda4785bd9bfe0f19fe3123af93b0ebebbfe97

SHA256
f1e184b859ed98e24bc88afc22dd34056f227b5e4bb89d020243f4d0b89c0f1c

SHA512
7cc2685903e1366201771c46a0459a4f041be6a986928f7147ec351541d53d4881da2ebc81459095f9412e2ce7abbd2c39259d7894c448396ad6d86fab735593

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\new_hover.png

Filesize
231B

MD5
b6a41a0a4749aa39a636799b4ef6fd80

SHA1
5a12435c76d064dabed61c8e637f794f1ff7e3e9

SHA256
9810a9b84034e55ce699fd199bbd5ac7577f6f00c6d31e75587827f6d4ef1f3a

SHA512
d7679841679488c4e9fbd2bf19f5b221eed876f8af3dda5b4dec2cd380a6fc06f9b4327287dde536002d1cf0e8edfff1137c382b6dd0ea1f75989bd0b3902a72

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\play_title_bar.png

Filesize
426B

MD5
8e5aa751addb481df985d4f825a7aa51

SHA1
56e0c64dc343c8d2c345be4db3eaadafbf90c5ac

SHA256
629f979db00cffa4db1e09b2e75ec28b493c534218759a6be0c0777239887540

SHA512
bb6b2609b3fd689e466e834a39675f77f248b3a67c011eaed58c28ff8d929c3e36bf264d728255fe0c01c735ec0d3707a99212d40a11b573558104a3d434f9e6

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\setpath.png

Filesize
1KB

MD5
792030dca3b0909ffee43aac725bcdb4

SHA1
23a9313a71cca8cf8700067c63eb34add96539f2

SHA256
a3976ea8aae85ae9c1857b539f4a4bd12b8d2b0c54b7a1efad985e9525134d6e

SHA512
861cf7438dcd08f4a39e6d1fc4eac0c6d1b2a4bfd724aca4dbbc66f42f5a1f998ef86d12813ba0bae4537fdb62c02d5dd10f24da71498d89867d7512bd929927

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\stop_recording.png

Filesize
255B

MD5
b04a33e0f839e242a8f19ff8c8b4739c

SHA1
b8eeec5ecaed1e0277df0f7c3cc20553fbeb50c0

SHA256
57a4ffdeaa6823c3d8f16faa5ec4730c28e3d9ff9c210f17acd23a6e8fd66198

SHA512
b4354506ad42583e49d57caaa75014f47e1ef25ec0c51ec6bd6f0a6cee3404f0f3ac9d850a1e123d8361df7417d9feb31bcb14a9dedfe84b4a97a81c8bca1e60

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\stop_title_bar_hover.png

Filesize
243B

MD5
358e8660f22df5d09f1e95783ed954fa

SHA1
bf648ef342afef644d0e1853f41765ce1a440ca8

SHA256
d2166287318755817648cf3bdbef4036034a7ffe6ae3233a59a39eb238ae0245

SHA512
e78905af44a5a418d11101d69df6a3602d261130f8b6b89c046fbeb52f3d1e2c3fc9140a4b8862708523cd48fa6c266e0bf3552ea1163b68dc08fd56750d5faf

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\suggested_icon_border_hover.png

Filesize
2KB

MD5
c0220fe8de167d5ed194508305051aa3

SHA1
e0da276affd90c1c8ada0ab3a77ee7510f41b9a8

SHA256
30672ccefed0369381ef3044e9e509515e95e336a1eddbcd8df41e6df1e75c1c

SHA512
504fcba3172b59217ba72d436c2a9acc280f9f983b3c6025d02fb7d6822e14f7b4f51968450eac8a55c7ae7aba4cca32d328883f3a40278d54b9227b41d4ff40

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\sync_titlebar_icon.png

Filesize
858B

MD5
489a3e37a23b36c1342a0225820295a3

SHA1
c0df77a0cfb9591ff73e126abba422f1279434ad

SHA256
102058b5560d0b1d3d7628ad89b5fbfa07905b8e1cbda142ca674482ff44eaa9

SHA512
479dc1b7f48c263708d33c31b068ae6f78cb7a15cf98a03f936b23a4efabb7e2c21a26c538bf7b4253c936b6e265c0c0381d8ae8a9348a800c34ce1224a95a92

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\unchecked_gray.png

Filesize
1KB

MD5
05817ab545de25e5afb10585e42342f5

SHA1
f852d8b3076942c41d0596f009babc7c9ebd1369

SHA256
26e0c21c7c26254e989e34af8a3e773ffa746a01142fadda6a5f634afea8dc23

SHA512
de1bc2a60840aca502b9d741cc7f382b283f40d65dadb375522200d4e6b6aceebd807d336f544a2385aac99de715ae239aa623ddf60e8fb43514ec7d65cc6bdf

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\volume_switch_on_max.png

Filesize
1KB

MD5
7079ce677003a2609651623ffc395a3a

SHA1
a8c172ec2d96eab53f6375839d14ee9a6b9c5d13

SHA256
ca51bda8932f92a18e16fb8034f1caa5b45c8170f44cc221fccb4d53a93263c7

SHA512
95d52c1050a201f103b1d57d6a6f01b6d7fe70042d9d07cd38b5241c841e17ea883feffa5ae166331aafd14f9ff42ae4bc610edebd152aa2eeffa2480450e8fc

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Assets\zoom_canvas.png

Filesize
25KB

MD5
422ea917894608edd7e04e4b1c48e1cc

SHA1
8b11143856348fde0b0944083040881463e8b1e9

SHA256
a3de7fc3bb3120c169ce97258a5e1088e169b6d039e5de69f1dfae1a278987a5

SHA512
bd5fd40315b321f2ae2fe4782b1155e75d7ae38d2497e72798a1a18873dcc00c6e6741e74ade787bbce967aaf7b0e8a42821cb124980dfc2fdba99eb08aa39b3

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\BlueStacksInstaller.exe

Filesize
526KB

MD5
1656e6260495b9cefbfc9fedbe9e7a5b

SHA1
ea721a4747238f43ebf38c31c3465fa9035f5c23

SHA256
950823f14be657d36f272f49707f376276ce75d69adbc5f3214fa51806a7d682

SHA512
f0a56130e82dfaef6f213c50534b22186866bdc15bbdac73eac20393a523f1310f06096f4188dd510dcdb216d6716cff2df0cf7a936a7f11c4dd036d35a590ab

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\BlueStacksInstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\CommonInstallUtils.zip

Filesize
6.3MB

MD5
31aa37d3943b39c88e36435a40c610ad

SHA1
4ba410c242e52bc585204ced218f2d7e5704d0ed

SHA256
aeb93de2ba447446285f17499092962bc822db07a55b7d0c3ffaaa0c87e046fe

SHA512
d00d3a538332ae586f1380dda312acea7f85c23d3a774e54b72a9a80af890e1210c86e284b022b071bec029999e7f1291a314dec4bd167434405f6662fed30cd

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-CheckCpu.exe

Filesize
133KB

MD5
fe2bd5b8dacbb0e6509ab71640979a12

SHA1
1ca2c7713c0dc75e0fb071d068e7f898a5c90085

SHA256
746aef1025c7cdf9eae0d9e55362d0230a8e877f0d6749ae39c53d730287eb36

SHA512
0cd4300a71af6489fa85ee4701d583cb73f1ffc41a850b4245b0c73a892000a754548c91e84c2cde01808c1913f4bfa0e7b2263da7af297163d11e7409d2a832

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-Common.dll

Filesize
2.0MB

MD5
dd8524f83c4d68d573bae2f7eb00371a

SHA1
8cfd70dc1f900899c633c0a72dcdeb029aafb197

SHA256
6c978566e20ac50f90c3d8b663a62dac56738feda2aae9a745797f2acd30b713

SHA512
0c7b8c6e5ca35bee23cc2162484c6e1ba01357819c0a61b41186bbf1fffafe344f00bf04d8be6e430ff9f1aa1e97c5e6ee26ca0077a69019251d33d579562953

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-ForceGPU.exe

Filesize
152KB

MD5
9adcad57be2aaf64ec94b836a80ee655

SHA1
056c0206cef3fc209d5431bb5a7e8adfaa4b49da

SHA256
4f163c738aedf878804c04fce6b52d7881453a6519486eb6d97f4c2c89e815b7

SHA512
d8515e7b17a80f2c1e22835c06ca7d73b371faa2b9c222a66ef7c3b705a755ff425e6b4e39d563d129acb1694990231d7c9ff9fde2b0d65823dcfba22c54abd3

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-GLCheck.exe

Filesize
562KB

MD5
f8e8672b9b770e9baadde184f8a63291

SHA1
0404cce1bf8021fc50203870247154308ef53254

SHA256
39f6ea4e6e76fa3dc3a1ba3bcabb21e742a281d44f63e71837d01670c5a3764c

SHA512
5805f2d1d91826e5ceea85b9dc22caa222d22fc2321fda664b9187a315ffeff18c4793c5a3e6d0a434ccdcd0c6927c8bc77fedd9dff3441847fbef15d0070d58

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-Handle.exe

Filesize
407KB

MD5
b2347b57ae73d52ee509d2037bf10f83

SHA1
7d3d45d2995e1520d7c93ebf5aef7c799e2800ca

SHA256
5d9c352b0544df6502da7d24d704765e63251adc9c19c0d293edd4450d5f6204

SHA512
adda7b69ba17bf85f06fb1cc665f2bb4aea0b6144875a505f07304d99f8cfd88549c152b60d8f81cf5e418651f1e8fb28af5638a4316da110fc6c6037d5cf53e

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\HD-Opengl-Native.dll

Filesize
2.3MB

MD5
5946f4e55878114c480786820b59388f

SHA1
bee6bf87c9d28c3856b4ca046fa133e3b6395b18

SHA256
42d1eb056c4b10a524b5fa8a8ee88760d4353a7688689b7058ed5bd65d42621a

SHA512
e802c4344b72d567f6dc259a1f8789f33149b0aa54d3ddfd5a1eb425285a91b44405fcb5242ef1dbb0fe1b7d51b3965df426c72f1b5f0c7a0f3d95e4199b5586

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Locales\i18n.en-US.txt

Filesize
165KB

MD5
4bc491031f8f06e3afb1cc50001529f7

SHA1
506214f1fe6714b514b52b11fe3099e7796a4fdc

SHA256
28438df22bdbf9041cd0f5f5bf799413e20c1fe984121c067aad9196a04987d6

SHA512
48618daae5104c56675d48db5a77eae98a3a6b3b00f334ea99fe2c2ae0cae4d4c4385c5051882598562caebb70cf28f11a741d0f935f430d0c4f009367acd0ca

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Newtonsoft.Json.dll

Filesize
493KB

MD5
2c9eb13d796a6b6de091c3e6a9652171

SHA1
411821701c1ad743fc29bda68adbb356b1888128

SHA256
bc832d11cc768586335e225aa5360ee629dcdfdc5f04ab28c06a82aa56dd29f2

SHA512
c4eb94191efec2085d18ac7b6d5135199ddb9c5114010ab3f6847fc94e28dfdb63ed8c2e2ea056c27c0b2375c4d9d57c29eb09213822f3b395d7b4108ea51414

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\Oem.cfg

Filesize
816B

MD5
e28c53401ec95bc9b75f43ae0dcddf96

SHA1
cf11b03a25c5ce082f24f8832beca3994a501720

SHA256
8d5d794dcc24bf8535fded17a82b8dad7396c327fae176387b5f43a4db1d5988

SHA512
cd314ab721e57411ffcfdf0bf3678818a8590694a1be55e6dd7d0b5f6ec19908c7a034dc82f9a802d3e44a12af34ef8f8cbae68cc8b293d95a588bb92be7df31

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\ThemeFile

Filesize
82KB

MD5
9f02f36f10385fa28bdd5c4ffd533037

SHA1
be95879342af41dfa9f448ee8de561faaa613904

SHA256
2850e552e68c8288e5485aa5316f99535c61b4b94f40cac22d7a2e068502a25e

SHA512
94f9143268050664573d968fceba911ca48e255b25245f99cc6cab911b5a67084de275a6965b4e82153d419757bdc68158bb8603a4b437ebec85f15dada412c2

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\d3dcompiler_47.dll

Filesize
4.0MB

MD5
898b3b792574a266c0f60a87244deac5

SHA1
af5f4d815d21f2272ce64a7b414086a6e7eb599a

SHA256
6bf1b5cd6cf5316493a2419ea7ecff44de39c71f226cb1b0dbe18e940f3bc988

SHA512
e1ae86e56a1e6f7d0b00d33667e01afea6b1a65013f9247a2a48ed118a31ed01ab1c51881c246378bcd58e6584143d7b81806783cef96c6251a23ca4049cecfb

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\libEGL.dll

Filesize
402KB

MD5
948eb249b23a9487d15fab236e4a2805

SHA1
ab7db3e961f007b5b242ce01f8183e197c78a571

SHA256
78dbd96e1b2b105030fb50457c1d720d1373558428c980960b4e3b88105ed2af

SHA512
1510001a8c4e3875dff0b16a77028b35d9c3491c7b52046c0094253165266246d7531c538023a99d57999b41f228175423220acaed9fab1c1857b067c1577782

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\libEGL_translator.dll

Filesize
2.4MB

MD5
4187381a6cac6dd742c7274ef82e8413

SHA1
78b598b944e0e5e2efd5adda7be02df9014b317e

SHA256
f2735ea384df120efd4cdea355f524afb6e813fcb12a14899cd5c06ea6ea4ee4

SHA512
976ca93dcec3bfaa3ae7b2dc7f876a0b0a6a7a07ff2085e504a251bd68f55f0872fa164b6364dd145a6a4fd58090237f0ce191c9db9d567b37690ae5aa8069e3

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\libGLES_CM_translator.dll

Filesize
2.4MB

MD5
b9f3e997d6412579de03306baa532002

SHA1
6c5725525a1f0ee7d77e5cfe51dbd204a64c1325

SHA256
f270f06adcb917e427278d76dd6d8dd2c50eb0c91be2069dfc0ea819a1308ec6

SHA512
5371beef90749ba6d3daa9a95bde0591472e93717556e35b523e58e278ff6b4af16d75c6be71a50c94e2e43cdb32ddeb89dce3cdb4aa0736cbb609ab4f6a810a

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\libGLES_V2_translator.dll

Filesize
4.0MB

MD5
61bdf3e76040b268f3e8da0910934084

SHA1
9d9c0b15531ce8bcaad4c88bd66cca26ad296d83

SHA256
0e0425c98d9ac8e08f9d138db9f2a1bd6e4a5f9bbb456ef3cb029a9ea92ebaf2

SHA512
61a854407f43dbfb7b7ecd0378e9bbceb01c4958db8503228920d07c0a5ae0d26fe28d002e9cfb0566ec8661d807cce85ba7c91094f69ff9b0aa223f4c37bb40

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\libGLESv2.dll

Filesize
4.0MB

MD5
c9c69793844aeb22784321c3458b33dd

SHA1
8d900d6238c61b129db9288a71464c54295bff77

SHA256
7fe01a2b5c197c4604f37dcaef9cb5136b3a2e05cdec60ba06e3d664c58bf1c8

SHA512
35a3cf14c7c4942073b12e903709410fbb12cb65a160dabd1a14e1641b78c3ed144e5b2d159e2f73a9ef6820f16ba476540bc6689d16cd381f4c0b665d2c5e92

Download Submit
C:\Users\Admin\Downloads\E4VX EMULATOR\бс 4.240\libOpenglRender.dll

Filesize
2.7MB

MD5
fb49f63299c83d40aa06e1741e71bd36

SHA1
4248d0a40087d4667bf050b5cfa313f294be37b9

SHA256
7179b0b83a19b195d89b5131ce64640818a47d1eeddb35a87ab8ddfd9d109d39

SHA512
be1bc4f7f69f8608f6e1fc2964357c094490d94c4bc3da4921ec7240d9e7dbcab621d14420795730e845b417e40ee59443d0dae470ebefdf2f36c916b86d4ec2

Download Submit
memory/228-8751-0x0000000000F30000-0x0000000000F8E000-memory.dmp

Filesize
376KB

Download
memory/872-8717-0x0000000000820000-0x00000000008A2000-memory.dmp

Filesize
520KB

Download
memory/1456-9119-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1516-9114-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1868-9120-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/2248-9088-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/2528-9144-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3076-8718-0x0000000000420000-0x0000000000496000-memory.dmp

Filesize
472KB

Download
memory/3440-8713-0x000000001C520000-0x000000001C56C000-memory.dmp

Filesize
304KB

Download
memory/3440-8711-0x0000000000A30000-0x0000000000AD6000-memory.dmp

Filesize
664KB

Download
memory/3440-8712-0x000000001BC50000-0x000000001BC6C000-memory.dmp

Filesize
112KB

Download
memory/3440-8716-0x000000001E500000-0x000000001E580000-memory.dmp

Filesize
512KB

Download
memory/3440-8725-0x0000000067D80000-0x0000000067E8A000-memory.dmp

Filesize
1.0MB

Download
memory/3644-9090-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3688-8731-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8735-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8741-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8737-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8740-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8736-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8730-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8729-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8738-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3688-8739-0x00000252273B0000-0x00000252273B1000-memory.dmp

Filesize
4KB

Download
memory/3800-8702-0x00000000007E0000-0x00000000007EA000-memory.dmp

Filesize
40KB

Download
memory/3840-9115-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3924-9091-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3968-8765-0x00000000226B0000-0x00000000226C2000-memory.dmp

Filesize
72KB

Download
memory/3968-8759-0x0000000000FE0000-0x0000000001584000-memory.dmp

Filesize
5.6MB

Download
memory/3968-8764-0x00000000222A0000-0x00000000222B6000-memory.dmp

Filesize
88KB

Download
memory/3968-8760-0x000000001D0C0000-0x000000001D176000-memory.dmp

Filesize
728KB

Download
memory/4072-9079-0x0000000067D80000-0x0000000067E8A000-memory.dmp

Filesize
1.0MB

Download
memory/4332-9118-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4412-9087-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4428-9116-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4744-2616-0x00000000203B0000-0x00000000203B8000-memory.dmp

Filesize
32KB

Download
memory/4744-2617-0x00000000207A0000-0x00000000207C2000-memory.dmp

Filesize
136KB

Download
memory/4744-2478-0x000000001BC00000-0x000000001BE04000-memory.dmp

Filesize
2.0MB

Download
memory/4744-2476-0x0000000000D90000-0x0000000000E18000-memory.dmp

Filesize
544KB

Download
memory/4744-2492-0x000000001ED70000-0x000000001ED78000-memory.dmp

Filesize
32KB

Download
memory/4744-2506-0x00000000212C0000-0x00000000217E8000-memory.dmp

Filesize
5.2MB

Download
memory/4744-2496-0x0000000020250000-0x00000000202D0000-memory.dmp

Filesize
512KB

Download
memory/4744-2494-0x000000001EDC0000-0x000000001EDCE000-memory.dmp

Filesize
56KB

Download
memory/4744-2493-0x0000000020190000-0x00000000201C8000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads