hxxps://drive[.]google[.]com/file/d/1stsE-WdC8begSzZ2DIf3mKcKCLPPEuuX/view

Analysis

max time kernel
506s
max time network
510s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12-08-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1stsE-WdC8begSzZ2DIf3mKcKCLPPEuuX/view

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
296	netsh.exe
4408	netsh.exe

.NET Reactor proctector 3 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x000700000001ac89-378.dat	net_reactor
behavioral1/memory/1304-379-0x000000001BAD0000-0x000000001BCE2000-memory.dmp	net_reactor
behavioral1/memory/4672-6820-0x0000000000C00000-0x0000000000F7A000-memory.dmp	net_reactor

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 47 IoCs

pid	Process
1304	BlueStacksInstaller.exe
3460	7zr.exe
1776	BlueStacksInstaller.exe
1468	7zr.exe
1600	HD-ForceGPU.exe
3376	HD-GLCheck.exe
4344	HD-GLCheck.exe
1072	HD-GLCheck.exe
1108	HD-CheckCpu.exe
2068	HD-GLCheck.exe
3888	HD-GLCheck.exe
3520	HD-GLCheck.exe
784	HD-GLCheck.exe
4116	7zr.exe
4520	HD-GLCheck.exe
2996	HD-GLCheck.exe
2592	HD-GLCheck.exe
4760	7zr.exe
3796	7zr.exe
4304	HD-ComRegistrar.exe
4904	HD-ComRegistrar.exe
3300	HD-Player.exe
1400	BstkSVC.exe
4972	HD-Agent.exe
3800	HD-LogCollector.exe
2284	HD-Quit.exe
4672	Bluestacks.exe
1964	HD-Player.exe
984	HD-Agent.exe
4828	Bluestacks.exe
96	HD-LogCollector.exe
1920	HD-Player.exe
3376	HD-Adb.exe
1756	HD-Agent.exe
3568	HD-LogCollector.exe
368	HD-Adb.exe
2952	HD-Adb.exe
3356	HD-Adb.exe
4072	HD-Adb.exe
1164	HD-Adb.exe
4996	HD-Adb.exe
1112	HD-Adb.exe
1964	HD-Adb.exe
780	HD-Adb.exe
4896	HD-Adb.exe
4784	HD-Quit.exe
1956	7zr.exe

Loads dropped DLL 64 IoCs

pid	Process
1304	BlueStacksInstaller.exe
1776	BlueStacksInstaller.exe
3376	HD-GLCheck.exe
4344	HD-GLCheck.exe
4344	HD-GLCheck.exe
4344	HD-GLCheck.exe
4344	HD-GLCheck.exe
4344	HD-GLCheck.exe
1072	HD-GLCheck.exe
1072	HD-GLCheck.exe
1072	HD-GLCheck.exe
1072	HD-GLCheck.exe
1776	BlueStacksInstaller.exe
2068	HD-GLCheck.exe
3888	HD-GLCheck.exe
3888	HD-GLCheck.exe
3888	HD-GLCheck.exe
3888	HD-GLCheck.exe
3520	HD-GLCheck.exe
3520	HD-GLCheck.exe
3520	HD-GLCheck.exe
3520	HD-GLCheck.exe
3520	HD-GLCheck.exe
784	HD-GLCheck.exe
784	HD-GLCheck.exe
784	HD-GLCheck.exe
784	HD-GLCheck.exe
784	HD-GLCheck.exe
784	HD-GLCheck.exe
784	HD-GLCheck.exe
4520	HD-GLCheck.exe
4520	HD-GLCheck.exe
4520	HD-GLCheck.exe
4520	HD-GLCheck.exe
2996	HD-GLCheck.exe
2996	HD-GLCheck.exe
2996	HD-GLCheck.exe
2996	HD-GLCheck.exe
2592	HD-GLCheck.exe
4304	HD-ComRegistrar.exe
4304	HD-ComRegistrar.exe
4304	HD-ComRegistrar.exe
4304	HD-ComRegistrar.exe
4904	HD-ComRegistrar.exe
4904	HD-ComRegistrar.exe
4904	HD-ComRegistrar.exe
4904	HD-ComRegistrar.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
1400	BstkSVC.exe
1400	BstkSVC.exe
1400	BstkSVC.exe
1400	BstkSVC.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BlueStacks\DiscordRPC.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-CheckCpu.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-RunApp.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-XapkHandler.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\ProductLogo.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkDD2RC.rc	7zr.exe
File created	C:\Program Files\BlueStacks\BstkDDR0.r0	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkDrv_bgp.sys	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\ssleay32.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\libeay32.dll	7zr.exe
File created	C:\Program Files\BlueStacks\loadingCircles.gif	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Vanara.Core.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Xilium.CefGlue.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\installer_minimize.png	7zr.exe
File created	C:\Program Files\BlueStacks\BstkVMM.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-LogCollector.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Quit.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-VMCommand.dll	7zr.exe
File created	C:\Program Files\BlueStacks\libGLES_CM_translator.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\SlimDX.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\exit_close_hover.png	7zr.exe
File created	C:\Program Files\BlueStacks\BstkC.dll	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Imap-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Plus-Service-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Theraot.Core.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Xilium.CefGlue.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\debug.log	Bluestacks.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\installer_bg_blurred.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\minimize_progress_click.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\powered_by_bs.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-QuitMultiInstall.exe	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Player.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\LICENSE.txt	7zr.exe
File created	C:\Program Files\BlueStacks\SlimDX.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\installer_minimize_hover.png	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\setpath_click.png	7zr.exe
File created	C:\Program Files\BlueStacks\Bluestacks.exe	7zr.exe
File created	C:\Program Files\BlueStacks\DiskCompactionTool.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkRT.lib	7zr.exe
File created	C:\Program Files\BlueStacks\ssleay32.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\AdbWinApi.dll	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\installer_logo.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\ProductLogo.ico	7zr.exe
File created	C:\Program Files\BlueStacks\BstkREM.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-PgaSocketHgcm.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Newtonsoft.Json.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Bluestacks.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\BstkTypeLib.dll	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Agent.exe	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Frontend-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-Quit.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\Bluestacks.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BlueStacks.ico	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\fr\Vanara.Core.resources.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-GuestCommandRunner.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks\Assets\checked_gray_hover.png	7zr.exe
File created	C:\Program Files\BlueStacks\HD-Audio-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks\HD-DataManager.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\ProductLogo.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\Assets\exit_close_hover.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkSharedFolders.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\HD-MultiInstanceManager.exe.lastcodeanalysissucceeded	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\libOpenglRender.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks\BstkREM.dll	7zr.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2436	netstat.exe
1004	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
4132	SystemInfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679486311568629"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{63F0474E-76E0-4FD0-8F5E-483912E18310}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFEF2385-7F42-4D20-90FE-803475EDC507}\ = "IVRDEServerInfoChangedEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{75511A1F-3B66-482C-AC2C-CAB8F9216DB1}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{635D8F36-E3B7-4EDB-8B78-3A983486BD69}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDF5BE6B-6B7F-440F-A570-9969991BF5E1}\NumMethods\ = "14"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09D1B1E8-F476-49E2-B7B0-6BAED7A86CF5}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34CB7B95-3F83-4B21-B84E-A990B6A9A164}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04A1C743-61CF-4B6E-A1E5-6281604C7B4C}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D1E4B26-9ECE-4222-97CE-156A9C5AAB99}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C9C616A-3654-4E9B-B428-22228F806B17}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3490ABA0-2B4C-4EDE-B445-AA02F7357FAC}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57E84312-88E0-42F2-AF56-B5FABC4417BD}\ = "ISessionStateChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CA5F712-2604-4FB9-A9DD-A1312A40D6C7}\NumMethods\ = "18"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8058647D-1383-4719-87A4-819DB9C4D744}\NumMethods\ = "13"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{73250BA8-36BE-4612-B7D9-FBE329A1421A}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ACED04B8-AACF-425E-9A02-74FD278E381B}\NumMethods\ = "27"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{610F8DD9-AC9A-44B4-9998-B7A8AE18E537}\NumMethods\ = "35"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F7FCF7-4589-44DE-97BC-48DF0C795265}\ = "IMedium"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FA27DEA5-2E10-44B4-AEAA-16740513ED0C}\ = "IKeyboard"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{635D8F36-E3B7-4EDB-8B78-3A983486BD69}\ = "IMediumChangedEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{892E8B06-4FB9-4CD1-88D6-2C59F046AB1A}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EBFEFCBA-9836-4269-BDF6-B75A2C8F9F12}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8F375908-8521-483E-9A6B-EF21D2E835F2}\NumMethods\ = "17"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BC28A9E7-D12F-4C3F-9960-E41F4D8CA986}\ = "IAdditionsFacility"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C49FDD19-A583-4C7F-BB53-AE078192598A}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9C9937AE-0381-477C-926C-6E8267FE9143}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1AE1BF9-D10F-40CD-A4CA-DD909AF87E3C}\ = "IMediumConfigChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{298CC987-FCAF-4D67-A052-38804E768AE6}\NumMethods\ = "13"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1\ = "VirtualBoxClient Class"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{386C77A9-CC7A-477C-ABCE-08DCB4D29F07}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4458EFA8-87C7-476D-A828-5329FF859DE8}\ = "IMachineDebugger"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72435155-02C8-4065-948C-32D857DA53F4}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFEF2385-7F42-4D20-90FE-803475EDC507}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FA27DEA5-2E10-44B4-AEAA-16740513ED0C}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837286CC-5A8D-4017-9086-658E053CBBB3}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Windows\\system32\\oleaut32.dll"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDC7BA22-6CDC-44D8-A63B-FB4B2DFC3434}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AEA04668-9BCD-46C3-B0E0-83F20F95FA88}\ = "IExtPackManager"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F939F90B-8757-4B1D-AE7E-84BF7C7E482F}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2E04C59-5B1A-42DB-8BAC-FC3BD699E1F0}\ = "IMediumRegisteredEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2C8B789-B633-4630-BEBB-A924AA55003E}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C602D33-8CEA-43AF-9544-F4B0075664A8}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2A16679-04BB-4C50-AC78-2E01EF3DE6CA}\NumMethods\ = "30"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B01C298-0706-49EC-98E7-91A62B28C938}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksGP\DefaultIcon	BlueStacksInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C49FDD19-A583-4C7F-BB53-AE078192598A}\ = "IGuestDirectory"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{610F8DD9-AC9A-44B4-9998-B7A8AE18E537}\ = "IGuestFile"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2AD896E-D44A-45D3-8F2A-4198BC9AC850}\ = "IMouseCapabilityChangedEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{600156D0-3789-4E53-BF0C-6BE31A784D43}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D304CDC1-52AD-48D0-BF7A-2BF437FC8E00}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{525EC237-D71B-47E7-AF4B-11C625E83E74}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AEA04668-9BCD-46C3-B0E0-83F20F95FA88}\NumMethods\ = "17"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{189A81BE-8527-4991-A75D-47BDBC399C60}\ = "ISession"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D1E4B26-9ECE-4222-97CE-156A9C5AAB99}\ = "IGuestProcessInputNotifyEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F076447-7440-4C98-9E4C-8E02D9E3A81E}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC28A9E7-D12F-4C3F-9960-E41F4D8CA986}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{357DE5F9-D7B3-4533-94B2-C99753662EB9}\ProxyStubClsid32\ = "{A620F37C-CC62-4102-9404-43B0E6612AF1}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26d9f265-34d4-4792-a705-970e62380aba}\ProgId	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1AE1BF9-D10F-40CD-A4CA-DD909AF87E3C}\ = "IMediumConfigChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34CB7B95-3F83-4B21-B84E-A990B6A9A164}\NumMethods\ = "36"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9C9937AE-0381-477C-926C-6E8267FE9143}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E5473E9E-AEE8-4FBA-ABC7-C5D5E92835BE}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFA0F30D-BF00-4E27-937D-04B0035C6B76}\ = "IClipboardModeChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{63F0474E-76E0-4FD0-8F5E-483912E18310}\ = "IGuestFileOffsetChangedEvent"	HD-ComRegistrar.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4972	HD-Agent.exe
984	HD-Agent.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4236	chrome.exe
4236	chrome.exe
1304	BlueStacksInstaller.exe
1776	BlueStacksInstaller.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2472	taskmgr.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
620	Process not Found
620	Process not Found
620	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe
2472	taskmgr.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
3460	7zr.exe
1468	7zr.exe
3376	HD-GLCheck.exe
4344	HD-GLCheck.exe
1072	HD-GLCheck.exe
1072	HD-GLCheck.exe
2068	HD-GLCheck.exe
3888	HD-GLCheck.exe
3888	HD-GLCheck.exe
3520	HD-GLCheck.exe
784	HD-GLCheck.exe
4116	7zr.exe
4520	HD-GLCheck.exe
2996	HD-GLCheck.exe
2996	HD-GLCheck.exe
2592	HD-GLCheck.exe
4760	7zr.exe
3796	7zr.exe
3300	HD-Player.exe
3300	HD-Player.exe
3300	HD-Player.exe
1964	HD-Player.exe
1964	HD-Player.exe
1964	HD-Player.exe
4672	Bluestacks.exe
1920	HD-Player.exe
1920	HD-Player.exe
1920	HD-Player.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3680	4836	chrome.exe	73
PID 4836 wrote to memory of 3680	4836	chrome.exe	73
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 1900	4836	chrome.exe	75
PID 4836 wrote to memory of 4004	4836	chrome.exe	76
PID 4836 wrote to memory of 4004	4836	chrome.exe	76
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77
PID 4836 wrote to memory of 3804	4836	chrome.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1stsE-WdC8begSzZ2DIf3mKcKCLPPEuuX/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb6e5a9758,0x7ffb6e5a9768,0x7ffb6e5a9778
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5064 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3360 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5908 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1844,i,15862744578487700011,18309036815747499426,131072 /prefetch:8
  2⤵
  PID:3612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4780

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Music\" -an -ai#7zMap19643:86:7zEvent18900
1⤵
PID:4424

C:\Users\Admin\Music\4.240.30.1002_e4v\BlueStacksInstaller.exe
"C:\Users\Admin\Music\4.240.30.1002_e4v\BlueStacksInstaller.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1304
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c dir "C:\Users\Admin\Music\4.240.30.1002_e4v\" /s
  2⤵
  PID:4216
- C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe" x "C:\Users\Admin\Music\4.240.30.1002_e4v\CommonInstallUtils.zip" -o"C:\Users\Admin\Music\4.240.30.1002_e4v\" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3460

C:\Users\Admin\Music\4.240.30.1002_e4v\BlueStacksInstaller.exe
"C:\Users\Admin\Music\4.240.30.1002_e4v\BlueStacksInstaller.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1776
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c dir "C:\Users\Admin\Music\4.240.30.1002_e4v\" /s
  2⤵
  PID:2884
- C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe" x "C:\Users\Admin\Music\4.240.30.1002_e4v\CommonInstallUtils.zip" -o"C:\Users\Admin\Music\4.240.30.1002_e4v\" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1468
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-ForceGPU.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-ForceGPU.exe" 1
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 1 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3376
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 1 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4344
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 4 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1072
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-CheckCpu.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-CheckCpu.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1108
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 1 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2068
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 4 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3888
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 1 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3520
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe" 4 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:784
- C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe" x "C:\Users\Admin\Music\4.240.30.1002_e4v\PF.zip" -o"C:\Program Files\BlueStacks" -aoa
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4116
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\\HD-GLCheck.exe" 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4520
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\\HD-GLCheck.exe" 3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2996
- C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\\HD-GLCheck.exe" 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2592
- C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe" x "C:\Users\Admin\Music\4.240.30.1002_e4v\PD.zip" -o"C:\ProgramData\BlueStacks" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4760
- C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe
  "C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe" x "C:\Users\Admin\Music\4.240.30.1002_e4v\CefData.zip" -o"C:\ProgramData\BlueStacks\CefData" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3796
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
  2⤵
  - Modifies Windows Firewall
  PID:296
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks\HD-Player.exe" enable=yes
  2⤵
  - Modifies Windows Firewall
  PID:4408
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2861/ User=\"Everyone"
  2⤵
  PID:492
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2862/ User=\"Everyone"
  2⤵
  PID:3624
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2863/ User=\"Everyone"
  2⤵
  PID:4080
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2864/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4228
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2865/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4652
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2866/ User=\"Everyone"
  2⤵
  PID:3492
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2867/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4240
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2868/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4600
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2869/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2920
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2870/ User=\"Everyone"
  2⤵
  PID:2924
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2871/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1500
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2872/ User=\"Everyone"
  2⤵
  PID:2252
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2873/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3520
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2874/ User=\"Everyone"
  2⤵
  PID:424
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2875/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2172
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2876/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3436
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2877/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4196
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2878/ User=\"Everyone"
  2⤵
  PID:3244
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2879/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4248
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2880/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4276
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2881/ User=\"Everyone"
  2⤵
  PID:4280
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2882/ User=\"Everyone"
  2⤵
  PID:2556
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2883/ User=\"Everyone"
  2⤵
  PID:784
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2884/ User=\"Everyone"
  2⤵
  PID:1264
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2885/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3376
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2886/ User=\"Everyone"
  2⤵
  PID:4912
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2887/ User=\"Everyone"
  2⤵
  PID:3632
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2888/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1072
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2889/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4860
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2890/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4732
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2891/ User=\"Everyone"
  2⤵
  PID:3636
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2892/ User=\"Everyone"
  2⤵
  PID:3504
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2893/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:812
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2894/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1428
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2895/ User=\"Everyone"
  2⤵
  PID:780
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2896/ User=\"Everyone"
  2⤵
  PID:384
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2897/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2040
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2898/ User=\"Everyone"
  2⤵
  PID:1524
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2899/ User=\"Everyone"
  2⤵
  PID:192
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2900/ User=\"Everyone"
  2⤵
  PID:3360
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2901/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3896
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2902/ User=\"Everyone"
  2⤵
  PID:1112
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2903/ User=\"Everyone"
  2⤵
  PID:3876
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2904/ User=\"Everyone"
  2⤵
  PID:672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2905/ User=\"Everyone"
  2⤵
  PID:2168
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2906/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1840
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2907/ User=\"Everyone"
  2⤵
  PID:2980
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2908/ User=\"Everyone"
  2⤵
  PID:3068
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2909/ User=\"Everyone"
  2⤵
  PID:4720
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2910/ User=\"Everyone"
  2⤵
  PID:2996
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2911/ User=\"Everyone"
  2⤵
  PID:3140
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2912/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2913/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1656
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2914/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4916
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2915/ User=\"Everyone"
  2⤵
  PID:1380
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2916/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5000
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2917/ User=\"Everyone"
  2⤵
  PID:3624
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2918/ User=\"Everyone"
  2⤵
  PID:2936
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2919/ User=\"Everyone"
  2⤵
  PID:2328
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2920/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4484
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2921/ User=\"Everyone"
  2⤵
  PID:1284
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2922/ User=\"Everyone"
  2⤵
  PID:3828
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2923/ User=\"Everyone"
  2⤵
  PID:1020
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2924/ User=\"Everyone"
  2⤵
  PID:1880
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2925/ User=\"Everyone"
  2⤵
  PID:1432
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2926/ User=\"Everyone"
  2⤵
  PID:3780
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2927/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2280
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2928/ User=\"Everyone"
  2⤵
  PID:2588
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2929/ User=\"Everyone"
  2⤵
  PID:3572
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2930/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2956
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2931/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4044
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2932/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2596
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2933/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4928
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2934/ User=\"Everyone"
  2⤵
  PID:3372
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2935/ User=\"Everyone"
  2⤵
  PID:1756
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2936/ User=\"Everyone"
  2⤵
  PID:1840
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2937/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2212
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2938/ User=\"Everyone"
  2⤵
  PID:1068
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2939/ User=\"Everyone"
  2⤵
  PID:3140
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2940/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1016
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2941/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4400
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2942/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4916
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2943/ User=\"Everyone"
  2⤵
  PID:612
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2944/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4988
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2945/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4264
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2946/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:500
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2947/ User=\"Everyone"
  2⤵
  PID:4732
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2948/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4288
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2949/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4004
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2950/ User=\"Everyone"
  2⤵
  PID:4568
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2951/ User=\"Everyone"
  2⤵
  PID:1464
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2952/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4308
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2953/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:760
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2954/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3844
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2955/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4720
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2956/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2252
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2957/ User=\"Everyone"
  2⤵
  PID:4656
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2958/ User=\"Everyone"
  2⤵
  PID:2956
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2959/ User=\"Everyone"
  2⤵
  PID:1472
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2960/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2961/ User=\"Everyone"
  2⤵
  PID:3536
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2962/ User=\"Everyone"
  2⤵
  PID:684
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2963/ User=\"Everyone"
  2⤵
  PID:3980
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2964/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4116
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2965/ User=\"Everyone"
  2⤵
  PID:332
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2966/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1264
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2967/ User=\"Everyone"
  2⤵
  PID:2500
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2968/ User=\"Everyone"
  2⤵
  PID:2044
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2969/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2176
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2970/ User=\"Everyone"
  2⤵
  PID:4984
- C:\Program Files\BlueStacks\HD-ComRegistrar.exe
  "C:\Program Files\BlueStacks\HD-ComRegistrar.exe" -unreg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4304
- C:\Program Files\BlueStacks\HD-ComRegistrar.exe
  "C:\Program Files\BlueStacks\HD-ComRegistrar.exe" -reg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4904
- C:\Program Files\BlueStacks\HD-Quit.exe
  "C:\Program Files\BlueStacks\HD-Quit.exe"
  2⤵
  - Executes dropped EXE
  PID:2284

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2472

C:\Program Files\BlueStacks\HD-Player.exe
"C:\Program Files\BlueStacks\HD-Player.exe" Android -h -sysPrep
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3300
- C:\Program Files\BlueStacks\HD-Agent.exe
  "C:\Program Files\BlueStacks\HD-Agent.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  PID:4972
- C:\Program Files\BlueStacks\HD-LogCollector.exe
  "C:\Program Files\BlueStacks\HD-LogCollector.exe" -boot
  2⤵
  - Executes dropped EXE
  PID:3800

C:\Program Files\BlueStacks\BstkSVC.exe
"C:\Program Files\BlueStacks\BstkSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1400

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:2936

C:\Program Files\BlueStacks\Bluestacks.exe
"C:\Program Files\BlueStacks\Bluestacks.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4672
- C:\Program Files\BlueStacks\HD-Player.exe
  "C:\Program Files\BlueStacks\HD-Player.exe" Android -h
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1964
- - C:\Program Files\BlueStacks\HD-Agent.exe
    "C:\Program Files\BlueStacks\HD-Agent.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    PID:984
- - C:\Program Files\BlueStacks\HD-LogCollector.exe
    "C:\Program Files\BlueStacks\HD-LogCollector.exe" -boot
    3⤵
    - Executes dropped EXE
    PID:96
  - - C:\Windows\SYSTEM32\SystemInfo.exe
      "SystemInfo"
      4⤵
      Gathers system information
      PID:4132
  - - C:\Windows\SYSTEM32\reg.exe
      "reg.exe" EXPORT HKLM\System\CurrentControlSet\services\BlueStacksDrv "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_j2lq4yhz.fae\RegBstkDrv.txt"
      4⤵
      PID:4148
  - - C:\Windows\SYSTEM32\nslookup.exe
      "nslookup" www.google.com
      4⤵
      PID:4896
  - - C:\Windows\SYSTEM32\netstat.exe
      "netstat" -aon
      4⤵
      Gathers network information
      PID:2436
  - - C:\Windows\SYSTEM32\net.exe
      "net" statistics workstation
      4⤵
      PID:4000
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 statistics workstation
        5⤵
        
        PID:3040
  - - C:\Windows\SYSTEM32\ipconfig.exe
      "ipconfig" /all
      4⤵
      Gathers network information
      PID:1004
  - - C:\Program Files\BlueStacks\HD-Player.exe
      "C:\Program Files\BlueStacks\HD-Player.exe" Android -h
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Program Files\BlueStacks\HD-Agent.exe
        
        "C:\Program Files\BlueStacks\HD-Agent.exe"
        5⤵
        Executes dropped EXE
        
        PID:1756
    - - C:\Program Files\BlueStacks\HD-LogCollector.exe
        
        "C:\Program Files\BlueStacks\HD-LogCollector.exe" -boot
        5⤵
        Executes dropped EXE
        
        PID:3568
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "connect" "127.0.0.1:5555"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3376
    - - C:\Program Files\BlueStacks\HD-Adb.exe
        
        adb -P 5037 fork-server server --reply-fd 596
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:368
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "shell" "bugreport"
      4⤵
      Executes dropped EXE
      PID:2952
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" kill-server
      4⤵
      Executes dropped EXE
      PID:3356
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" start-server
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4072
    - - C:\Program Files\BlueStacks\HD-Adb.exe
        
        adb -P 5037 fork-server server --reply-fd 576
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1164
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "connect" "127.0.0.1:5555"
      4⤵
      Executes dropped EXE
      PID:4996
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "shell" "dumpstate"
      4⤵
      Executes dropped EXE
      PID:1112
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/.config_user.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_j2lq4yhz.fae\.config_user.db"
      4⤵
      Executes dropped EXE
      PID:1964
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/.config.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_j2lq4yhz.fae\.config.db"
      4⤵
      Executes dropped EXE
      PID:780
  - - C:\Program Files\BlueStacks\HD-Adb.exe
      "C:\Program Files\BlueStacks\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/config.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_j2lq4yhz.fae\config.db"
      4⤵
      Executes dropped EXE
      PID:4896
  - - C:\Windows\SYSTEM32\reg.exe
      "reg.exe" EXPORT HKLM\Software\BlueStacks "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_j2lq4yhz.fae\RegHKLM.txt"
      4⤵
      PID:4928
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c dir "C:\Program Files\BlueStacks\" /s
      4⤵
      PID:3284
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c dir "C:\ProgramData\BlueStacks\Engine\" /s
      4⤵
      PID:4468
  - - C:\Program Files\BlueStacks\7zr.exe
      "C:\Program Files\BlueStacks\7zr.exe" a archive.zip -m0=LZMA:a=2 *
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1956
- C:\Program Files\BlueStacks\Bluestacks.exe
  "C:\Program Files\BlueStacks\Bluestacks.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --disable-smooth-scrolling --no-sandbox --service-pipe-token=786D576ECDEC956773F924DDC2B3DF4A --lang=en-US --lang=en-US --log-file="C:\Program Files\BlueStacks\debug.log" --log-severity=verbose --user-agent="Mozilla/5.0(Windows NT 6.2; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36Bluestacks/4.240.30.1002" --enable-system-flash --ppapi-flash-path="C:\ProgramData\BlueStacks\CefData\pepflashplayer.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=786D576ECDEC956773F924DDC2B3DF4A --renderer-client-id=2 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Program Files\BlueStacks\HD-Quit.exe
  "C:\Program Files\BlueStacks\HD-Quit.exe" -isFromClient
  2⤵
  - Executes dropped EXE
  PID:4784

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BlueStacks\Assets\BlueStacks.ico

Filesize
15KB

MD5
8b35cb14c1e6e9701c464052a3b2fcb5

SHA1
b23de84603ca87b982127d22d7fc16828dfc4450

SHA256
037cc8300867561d0ea9a63389840217792699a76decc87f8b2d5d7ffa262ab5

SHA512
ca9992e4eee8a3a37686fcfef265a50f6ce2207ce271cea37ea275552d807f8606b6ccba351bf8c0f697b70b69315118022a9fcb407cd7ce70150f8c268cb652

Download Submit
C:\Program Files\BlueStacks\ProductLogo.png

Filesize
22KB

MD5
543b1e65a170d0b688bb197f8118bc5c

SHA1
3c9be7c2c277eeb359e35ad235fd4467c6e703b7

SHA256
f0a44f6b76febe27f3c5f86af3aad066453330f3bb203122e964730d5427b179

SHA512
6708861f601ed4810328a1d1c3f3c033683fa35b16d4b71e95553979a2825967a50b41491a8f535c2e150c9817ea431ecf1c28c8cf24fa78d1ea63043258fd63

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\CacheStorage\a7424657c282808a935654175d0054512e29e086\index.txt

Filesize
137B

MD5
57b0eaf847980becffab836fae2fe966

SHA1
90f8aaa17d7208a851bde19a3b3421d55749c6a5

SHA256
b0d525c6426eb112895b8e0b719f18007f073b51c2fabd5e883821a29d036438

SHA512
3d7a5c9dd687d6be2079b40ab22eade6cb1f61c92b0d92130296d5162005a4a6fb6f8b4e9936ffd8f39012edee6a9bfca50026f613ef9f87707263b3a01560dc

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\CacheStorage\a7424657c282808a935654175d0054512e29e086\index.txt.tmp

Filesize
132B

MD5
877c25c9c7433c831a66f0e8f7eeae20

SHA1
af992cbe3e29d1010a8d97e676626466d8c6d8c7

SHA256
3d9804f03b3b4242bff2d1683a6795c51a6439b66bb7ffa1da6c7dc65da0f608

SHA512
2f1d865de58f13a63b5e482bb36a783a98c8dd980909eb4a810eca931c65c684680be698116854004812a34886fee2c4cf140bc547958056466051086e37891c

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\BlueStacks\CefData\Cache\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\BlueStacks\CefData\locales\bg.pak.info

Filesize
378KB

MD5
86abbe39a0ffe4e221c459d98a409765

SHA1
7ffa8bea41bb8c7b8f958681ec097556320d5482

SHA256
81aca701fd815152b02b60d814f5df72db4a70f43475b8bc97aa1af5851f4652

SHA512
66b6a6f8e7f7d857a353244d372b684886830e902cf81678dfd2b8977f1007af0596e94d27e27c930309cf12b14cf1f1af0f292e7da305c58a44f9dde0e5aab0

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\State_canvas_active.png

Filesize
4KB

MD5
f2737f2d7642219398a511e00f2823a8

SHA1
890feadb31915381fe8c959011a4fad8842e0bbf

SHA256
d9e4c1b2d4d0fda42ca2eca37351a84ad5dc4e22e405644c5e8865b96db43ad0

SHA512
6710261ad2b704de2fe9fcd0a2a569639b180dbd90a7838c40d5d9f1b94adf114f98ccadcc80841a16dcd3b3412bef7e353111c5a1ca20df38c8a03ed87c52ef

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\bgpcheckbox_hover.png

Filesize
176B

MD5
86852b8d52fcab9b23e5ecd2345cb28b

SHA1
902805a9080bf9a2dff8ea69d228ca8216853407

SHA256
c0f7f6b9b95a5463258916afd1337e2ca49a8c69a20e843c629db8065a00e68b

SHA512
476a90a0714701702ccc59ac0b1555d7a75f7665e6067422fcf389195f625ca5b308627059c0dbb786565a773ce643737923456b176a5e77f210173248d19585

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\close_themedisabled.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\collapse_hover.png

Filesize
362B

MD5
68c072e8aabe82847a71e16e67f385c7

SHA1
807cbda180a12fe8bca35121f0de5caa0f3478c5

SHA256
b03e51a5c7efd136df2abb5d3951cbd6b23d94fffc49c6b874d26d92b33bda3f

SHA512
c28b324636524b2759b60224cd47f8048cc0d34b5b0419154e13c328121209d2ff249b2f5f9a5c3a8259a90f814758a2e6923ad3a5382af91b2c993b2f46e71d

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\community_macro_hover.png

Filesize
878B

MD5
dd0e78fe679c83de3615d528e94c8349

SHA1
cba3ea57dff18be49b4e7a06877bbe7df4f9b526

SHA256
10251657ccbf320a64f1459df0958dde2b795d074dfdf56e163559691440267b

SHA512
e4fe351eacd447070eb6457f945aa330c56e7a04ded5b5ce2562827ef15d7cce6b566d0d64759c457089868e5a66ab0b68e18859d63d574efbe58a9de4979bec

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\delete_icon.png

Filesize
327B

MD5
401e09c16308cec53665b47cfec88d04

SHA1
9f74de57ba786221cbcd9219199c769754103ff2

SHA256
428007be308e2ede2e18d5533fd1e7dcef22956972c5a6a2061a816c3a9f24ea

SHA512
51a81aeb8f2a906ccb8a15cc6341d790d2dacf08ce078f14de2c30e931c1463a6b05bfe0fb86e1401188923f15c64cc5cac9b4c43b5fe382ef4f625ab5bec9f4

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\exit_close_hover.png

Filesize
447B

MD5
811b8372e36c83b5afa8881cfefe1693

SHA1
dd30b446490a9db7e9089816ba92560c4a76b12f

SHA256
5674b440c16fd138d6a5b9bee0adf1399bdea98e15c3fec32cb90b6be3487748

SHA512
f7d5cc6b97ddd98035ee023a2736b45e3de5e77f42f97132f9d4585d03203338c2f625f6016294a747ba3f98e6e2c2b79711b9b2c8851be0bb7db8479e6734a5

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\expand_hover.png

Filesize
408B

MD5
9a792a44d59738e73eb43cb8090da07a

SHA1
8e52d33293856d25ef412cd151b646f8dd4c3adb

SHA256
13c1f6191a0dc09ae3d664d6db525ad2b5c2fbe908b9ac6893fd4ec8a6d47ce7

SHA512
85bd62ba7044e438f678cb1a2d81e1d622c27e89a16a1c5bb90a5c51884b524bf1004245d6398178e375ea9d4db946f7de158b1ebcf6811a8d9989121bfb11c7

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\installer_bg_blurred.png

Filesize
470KB

MD5
a34ccd55fd7a97df85d6c623f9ef5946

SHA1
92f90b6a8a7c0f1fb9bd2d22750794b1ebfd6583

SHA256
0216a36a8570739072875aa7eb5eb18b025a331f80413b2f18198def86869ef3

SHA512
3584846c5ed14e5211072b72f7773bd5a43bbc1879d2df253373751de72caa474a0d699d884c24cff7abff9496b8dfb5f1c955fe6272d0a57f441ae364f64c07

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\installer_minimize_click.png

Filesize
112B

MD5
08fc39a69fa17e0f529915919cea1633

SHA1
2966a3f739698e2ce368585fb7f6ac4eae4497b1

SHA256
2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95

SHA512
f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\installer_minimize_hover.png

Filesize
112B

MD5
18fb6465b029206477d0222e8da6fdf9

SHA1
b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b

SHA256
57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d

SHA512
f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\macro_delete_hover.png

Filesize
332B

MD5
c6baed75b85d538498c0c5b6a8b6ccb3

SHA1
a8bda4785bd9bfe0f19fe3123af93b0ebebbfe97

SHA256
f1e184b859ed98e24bc88afc22dd34056f227b5e4bb89d020243f4d0b89c0f1c

SHA512
7cc2685903e1366201771c46a0459a4f041be6a986928f7147ec351541d53d4881da2ebc81459095f9412e2ce7abbd2c39259d7894c448396ad6d86fab735593

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\new_hover.png

Filesize
231B

MD5
b6a41a0a4749aa39a636799b4ef6fd80

SHA1
5a12435c76d064dabed61c8e637f794f1ff7e3e9

SHA256
9810a9b84034e55ce699fd199bbd5ac7577f6f00c6d31e75587827f6d4ef1f3a

SHA512
d7679841679488c4e9fbd2bf19f5b221eed876f8af3dda5b4dec2cd380a6fc06f9b4327287dde536002d1cf0e8edfff1137c382b6dd0ea1f75989bd0b3902a72

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\play_title_bar.png

Filesize
426B

MD5
8e5aa751addb481df985d4f825a7aa51

SHA1
56e0c64dc343c8d2c345be4db3eaadafbf90c5ac

SHA256
629f979db00cffa4db1e09b2e75ec28b493c534218759a6be0c0777239887540

SHA512
bb6b2609b3fd689e466e834a39675f77f248b3a67c011eaed58c28ff8d929c3e36bf264d728255fe0c01c735ec0d3707a99212d40a11b573558104a3d434f9e6

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\stop_recording.png

Filesize
255B

MD5
b04a33e0f839e242a8f19ff8c8b4739c

SHA1
b8eeec5ecaed1e0277df0f7c3cc20553fbeb50c0

SHA256
57a4ffdeaa6823c3d8f16faa5ec4730c28e3d9ff9c210f17acd23a6e8fd66198

SHA512
b4354506ad42583e49d57caaa75014f47e1ef25ec0c51ec6bd6f0a6cee3404f0f3ac9d850a1e123d8361df7417d9feb31bcb14a9dedfe84b4a97a81c8bca1e60

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\stop_title_bar_hover.png

Filesize
243B

MD5
358e8660f22df5d09f1e95783ed954fa

SHA1
bf648ef342afef644d0e1853f41765ce1a440ca8

SHA256
d2166287318755817648cf3bdbef4036034a7ffe6ae3233a59a39eb238ae0245

SHA512
e78905af44a5a418d11101d69df6a3602d261130f8b6b89c046fbeb52f3d1e2c3fc9140a4b8862708523cd48fa6c266e0bf3552ea1163b68dc08fd56750d5faf

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\suggested_icon_border_hover.png

Filesize
2KB

MD5
c0220fe8de167d5ed194508305051aa3

SHA1
e0da276affd90c1c8ada0ab3a77ee7510f41b9a8

SHA256
30672ccefed0369381ef3044e9e509515e95e336a1eddbcd8df41e6df1e75c1c

SHA512
504fcba3172b59217ba72d436c2a9acc280f9f983b3c6025d02fb7d6822e14f7b4f51968450eac8a55c7ae7aba4cca32d328883f3a40278d54b9227b41d4ff40

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\sync_titlebar_icon.png

Filesize
858B

MD5
489a3e37a23b36c1342a0225820295a3

SHA1
c0df77a0cfb9591ff73e126abba422f1279434ad

SHA256
102058b5560d0b1d3d7628ad89b5fbfa07905b8e1cbda142ca674482ff44eaa9

SHA512
479dc1b7f48c263708d33c31b068ae6f78cb7a15cf98a03f936b23a4efabb7e2c21a26c538bf7b4253c936b6e265c0c0381d8ae8a9348a800c34ce1224a95a92

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\volume_switch_on_max.png

Filesize
1KB

MD5
7079ce677003a2609651623ffc395a3a

SHA1
a8c172ec2d96eab53f6375839d14ee9a6b9c5d13

SHA256
ca51bda8932f92a18e16fb8034f1caa5b45c8170f44cc221fccb4d53a93263c7

SHA512
95d52c1050a201f103b1d57d6a6f01b6d7fe70042d9d07cd38b5241c841e17ea883feffa5ae166331aafd14f9ff42ae4bc610edebd152aa2eeffa2480450e8fc

Download Submit
C:\ProgramData\BlueStacks\Client\Assets\zoom_canvas.png

Filesize
25KB

MD5
422ea917894608edd7e04e4b1c48e1cc

SHA1
8b11143856348fde0b0944083040881463e8b1e9

SHA256
a3de7fc3bb3120c169ce97258a5e1088e169b6d039e5de69f1dfae1a278987a5

SHA512
bd5fd40315b321f2ae2fe4782b1155e75d7ae38d2497e72798a1a18873dcc00c6e6741e74ade787bbce967aaf7b0e8a42821cb124980dfc2fdba99eb08aa39b3

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\Announcements\390145147_ScheduledPing.Exe

Filesize
2.0MB

MD5
7ee5d5f4c8c16cbc3b850941106d9633

SHA1
9cb356cac3f4658fa6df9895f2a113e3dc5803e6

SHA256
4c067a4fd783d289f7bd529e0d417945fac6d0ab01f1c145b369aa726d40624f

SHA512
a69cf7e8764603e362a3fdec8939c4aeb3aa414a7c2f5847bcadc76bc1841480969244978b85d5d19d8a17d02c34500ae7d7ee23ae2e43008c1b7e08e4b7b6a7

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\Gadget\requirements.json

Filesize
4B

MD5
fdaf133263369980df600fd06ce738ec

SHA1
a0b6262ba8cbcec6ff4deaf819c552474b6f8f2f

SHA256
5cada29124805d8e0454dc5b67225bbf87075cffd53418e9c56f674708220e2c

SHA512
890f0df02a824ef9c2cb3c7f9e63ce74846524d8a6c6ad0c6e17237fae087548fc40cde6c54dcd1e4b780c0f05930a6c0ef042b8036f076a0983bf5259fb6056

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\UserFiles\com.dts.freefireth.cfg

Filesize
124KB

MD5
92928074725f0dda4c341039a3c68eef

SHA1
011b41607e1a5b597280cd23cc47ca5966e3fcdd

SHA256
ae5208214c28ec858599decf291f1a900fb64c4b7c2fd629befa41e013e5a236

SHA512
7704c95c5c4136c12b48fbf4a98c55a750739c7200025bc4aa802fca365b2b33023ca0491f31099a37a081189de4f82244f560ebf9c9ba118cef88a055b07f19

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.activision.callofduty.shooter_mac17.cfg

Filesize
149KB

MD5
8e1cd90f17d34ceffe4b0b4941237bfd

SHA1
71f69bc6e738cd4bc6ec41e87cc3ffd62da07be8

SHA256
6bb105757981bbacfa4531cd6b90c2900179b62c97efb454b542a8e056e9de04

SHA512
266942a4798d5fea8c3d0205526b6cd82ba65c7e7debe86fd10708709b8dbaf375c052a9cc8c684c132992c08bb2b613a91748510fe6cf81b64e25dff885220e

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.diandian.legendofhonoursea.cfg

Filesize
9KB

MD5
0365cd98317714840d151f56faf1045e

SHA1
8b2155ffa97a4c6c04b46837a18bb4b316bbe101

SHA256
56458df258a83b9fd44d516b9d5a89c841c76177eec4f5605b1862cba4265314

SHA512
4ef9db16541550c35fcfae53f591c36e7c601420f70185d1d23aa5e6460391d7df88197ff684b4ca593fb6cfed24cb5a9ad8faef5eb53963b9fb95dc9ce37a98

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.dts.freefireth_bgp23000.cfg

Filesize
126KB

MD5
e0fe01632fffecafc7ed1a2aae2984ba

SHA1
11d5581dc0b645c4cf74827d7840beb5fb42bed4

SHA256
8a7dd8616679ea8537665336a2774800edf7a3ebdb1d0e6d2e5e9d694cf29e20

SHA512
569fd35b5d9d73dc4d8f58b012cdc8681bbf9bcf0b2e275acdbd88abdf12127c6411ddacaf1d933a58bdb88b66b8930f876d1654d8a095a7d9b6d0a670dc0c66

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.ea.gp.simsmobile.cfg

Filesize
2KB

MD5
390c619d4e0d624360c253556d9b10a9

SHA1
da0d73147fe03f7618785115520318663f25ef93

SHA256
6aad8ed62ca50c98bd95f67dbe20f1797f9a3a6f70e2c3c85d01723cd1a10da4

SHA512
5c84dd8610a901a2c45e026ebc3457368ce279d647123f8cb986090f168306958e2e56f51fa6f1e89678c9b6e07c52a4f2113a101eb578e288d73d099a69e3fc

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.garena.game.kgtw.cfg

Filesize
32KB

MD5
91f47bf05da9e03f616e7164988019bb

SHA1
81ccbb739123f4a0984d8968989036efe27e1739

SHA256
7a8bd825781732091842b27685ae6b68f954535ed9732c8c8624b1245edc24e3

SHA512
2a9894d90c5a13bf58d0189c0f0b5470a9ebc6d2108e0fbc5adcf1b79fda557f40f23ff43ea0bf4380a6dcc538018082cf5fd05fc2e62c64eeefdd813dbe81c3

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.gotgl.kr.cfg

Filesize
13KB

MD5
f654f7ffae08df01df13ca5a4414eda1

SHA1
f547a0d7c38c20304dc49f56972d042f86b0cfb4

SHA256
369f05b655da2ec8996a1556952b7b2ae0a5fbea8b8d47918a421dffc38a899e

SHA512
1f2e2d17b4857d0475b3d46c7d8cc57cbd84134eb86b1df07bcdd4e327dfef2d7643b833aadc5d4693fdb68e9373b3b9feac1e4b5b7c7d951a9f2e81239550a2

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.heroesofchaos.ggplay.koramgame.ru.cfg

Filesize
5KB

MD5
9be971cd126fc550b8d7b38364ea534d

SHA1
7acd277f59621cf84ff63097974d9c6a512b010e

SHA256
95083501e00735ee46c9b064637d3580bc72847bc23784bf1132c4a919756ec0

SHA512
411a1fef513a06b7c087496d1cb41b6f1a91760bc01d5527bcbe73676afe74fda370bdc24934893166ce8a38ef8caa88ef955b45492f9abd6c230a9ad7d7cd0c

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.igg.castleclash_fr.cfg

Filesize
2KB

MD5
9346c5858c1e1ce56cd918e9cc2831aa

SHA1
ecaa89358e7f8a8f21ab7bbe2cfeaffff564346b

SHA256
d417b9c7b8f304665c97f89a6a87f7a4624c9a3068ccc64065fdbeb7598d2ab8

SHA512
3e83f64522c5ea2ffde8de5a93fc9b0083bf69c99d39fee6020edf7b0939647566903ceb82fb33a665e25f7d40b1434b100cf876a3248baa82d55e2b8aba8d13

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.igg.castleclash_pt.cfg

Filesize
2KB

MD5
55597330ce6c2225b7cc1294158dc3ce

SHA1
f308a5ada00e3d62e713e1b872663842fa97e6f6

SHA256
a024e38ee01bd842a02a26b515c0f7f0a0495ffeddb8eba5b150a2e9e28f5917

SHA512
f903ad3d6b26536aba872397b554960913bc71432c46fd1814dd4c9f8d1a4602e50f02f096ef00b49fde0487a6cad6370e97f842adfa055f12d626e26723db2d

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.kingsgroup.ss.tw.cfg

Filesize
19KB

MD5
d3bdc03ee7ff0e190803de6b4794f7d5

SHA1
9a617125feaba7bac45147d42950ab66d8e98fd8

SHA256
803f12f21b05aeeacfa7a5a93efac394601be8c485b3f9bbdf3c56f946ad0ea0

SHA512
908364502e0ea9be44462918e7c1c4dbb5b6f4778abff8a56a6573582d5aa3300077a68bb37f8eba691b07b74cf0b862be6d5d9f99dda77dc0b39a09adb9531b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.kingsgroup.ss.tw_250.cfg

Filesize
20KB

MD5
cf659a33f093f496b8e133bf5ab3decd

SHA1
9846b59dc27c82efd3caf6daacac7a9801f038ce

SHA256
cf799541b5eb688b48ae6e2fd36e08ea7fc6a0a28a44ccb106c05724c6fab885

SHA512
59eb1f0389b41f0788cc85a2be3c67a349e2835c84ed96110749e70f1fc8f26b4905647fe525507b6d260bdeaf1fed983b900699e4a06074a26f34d654e83bd5

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgame.hgame.gp.kr.cfg

Filesize
13KB

MD5
3933efda00c6f527523c1af1ef898bc6

SHA1
f3091bc3304832fcc66ef57aa2378c0449fad87f

SHA256
866116a61f91b3043b4269220d9691bad14172be402370d99851f1c92f25917b

SHA512
b7abb84ddfacd8d5ae78dede2f297ca7f824b59d9a8f1b0127c4398af5c6171a002eeb5b55fe4a2476c7260e54bbab2cb47016a9771d2b380bf1397ca3dcbf7a

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gp.jp.cfg

Filesize
17KB

MD5
defdd1db24cf07646e2683679da30a73

SHA1
e13525247adea8979ae0b97d74415b1a2a12fdbd

SHA256
4d38875de42daaaf9f42719a2cce7116a448843954a36d665834b26fc07103c8

SHA512
7629236618faa614969f5adc87c30217fb26e8d463b377c75d3c06dd9c4a836df3b22e632d2fdd1a857a5b8273b841b8507535785a15b968828eef261d53f66c

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_220.cfg

Filesize
16KB

MD5
57fb5e8f84b056f90dd51d515b1a7a31

SHA1
3d56dc63e0bd0dd791ddf7196414774ec7ee4cfd

SHA256
8a6f69fab3e97c8a83d9723ed2298c383ff34aa2f2367f82c97d7cfac4f242cb

SHA512
ad1bafe66b569aba38e551316a60f043a1087dbd4de06e58471337e958c22c6f1b1ce19318f917162b6b4bd67f41f48f4415bf84741488cb93c71246e29e3f31

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_230.cfg

Filesize
17KB

MD5
5673f49b223fcea9ac40f2ed8435dfe5

SHA1
584e8bbc013c26227fb9d72436a55c14d1dcd668

SHA256
46172f6acba1ace855c1b959335827ba043a376db3dacbb75cd90d0755805c73

SHA512
71fc348dc5d0415f90400c0bbe0833cb74d884201ad851cb73e9ebee57082ac678bf6bdd3a2bad6e40512ee8511a1b45712bac4c23bbb6e441ce01456fc8608b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_250.cfg

Filesize
17KB

MD5
e807d0b95e398035ee798ee43a3fdcc4

SHA1
4d2a8164f88627c38644f056f0ddd50bee38f783

SHA256
de3260c15872345e89396732d8398fa5518515a591f010fdd98156e4d70a0ca2

SHA512
a10883899218e709eb42a750f999b0187e77062d256cb43866395a1681159e0091959067efbc52213cf6dc88415bbcd30e8bf2f09a0cdb895d1772b1e53afd12

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.miHoYo.bh3tw.cfg

Filesize
8KB

MD5
80464c1dc6cdbbd96b434fc98c6b3f79

SHA1
3180e61de5b6a4c0441d1a44f8e47625096165e7

SHA256
38b3e985ced7021182d65ea8b0f027924fe5cf1f1fa0fa648fdcaf1fee29b929

SHA512
612e8c11ea515dfa3ee5dd6eef7bd9fdbd29b082d23cbf9e5b2bf200f5b9cc21ae416e2d46091d1ace6e5cb4b29ea6ab99b1523a020255253127ae8342c18a1b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.nexon.v4krteen.cfg

Filesize
17KB

MD5
97fad2699aab9a2f2c26bce53d6cbbfb

SHA1
4448e1c12df1a4dc905bac09f6b440df8f6e9efb

SHA256
a86f403ff56b8ff3f3593be3504090b18b475b6a33eedb9c8d117c40a0d8710f

SHA512
8a57bc6490bb269ecfb5e89cac6d95086dd5e69fd1eeef0a828c67af26c9a61f6cec17219526612c089f3169be94573b681988b725531ab6a94ab767f91b1b71

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.pwrd.pwmru.cfg

Filesize
16KB

MD5
1920200604b372fd4fd594f94a7ae849

SHA1
0ea4fc70c3ccc88a17ec1415daf9bd7637d5eedd

SHA256
586d48fdce171aa9ca55aa3b261d4bf4bc6b6d66a22d6d3e06dbca363c2d47f6

SHA512
457e925b961d4fb9b124c7aefeaf5e1d5243ae55e548524a9351ab42581351936aa9c45c90c7ac8572b70274a122fa2c72fff40861092815d70cd9d6745afae2

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tencent.ig_210.cfg

Filesize
210KB

MD5
84602f3f691e0d94dce6fb9bf358660c

SHA1
2c86b18e59b2fddb7d7d87eb370ac5dedd776721

SHA256
49764b4d3ee8f00fa334450146a5ada50c564750fac3f9bdd0808594355c2495

SHA512
817c77d1f14d5fd82427f99184da5b025b8b3d154dd1b4178cdfba9646866084deeb0ef606973790d288cb975f273dd2db3c6d485e73e04a5e685c20f5eca8ff

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tencent.tmgp.kr.codm_240.cfg

Filesize
179KB

MD5
9fc1e6272d596e13a5f8c38bb3386756

SHA1
cef8a8d3a49aa68aa8045e43ae6390c7c344e969

SHA256
c08ab9122c421f1dbe54bcb9a2750ebbc3f430e6c3dcd7f79862c2fd8df3cfcf

SHA512
02436e600098efc1439a77bbf752639bb234d858e6af3126ad5a33697dd33057988957bb7f25273e175ad907abc74853563a2e9a3d83b2533a45f6ffc44f992b

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tencent.tmgp.ssksea.cfg

Filesize
11KB

MD5
6b158d56f8714987a8fcacc66f184d75

SHA1
4f9f0fadd1590978edd81b71748d62dc0745e253

SHA256
a0497961c46426106d8f027c7576029b018c6efc58effbc40866e56952a56be4

SHA512
e0f73a1481d19ab0c104a3408ef766ce66786d77c84eede4eb0d6b512fec3989156d2c5ccba2585a5f9228251e32f2f1e7892e29d8e10cc41da7bd9653357460

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.tinyco.familyguy.cfg

Filesize
2KB

MD5
4d35806934f0d246822e3efdb2cbb49d

SHA1
580b93f0c59fed4c166793d0f9166b26c9e31e12

SHA256
9e07436abb891b22fe6b05bed5f072eb540603111a29fa548df40ee40378fb5c

SHA512
7054d8729cb340de6bb212e573c13f12531fbe9f6e776841af3d7b36b7fb7c342fe953ef815918c9aa9b07bac614b688bd1d9e87a937026e0e56f60d44df8007

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.vng.pubgmobile.cfg

Filesize
68KB

MD5
5f991cd4e3e10f300a705ae3dfeaea3d

SHA1
02b39cdd57b7e984fda4b5e81e32c4542219abd8

SHA256
12f20a6d9fd993e332f776fbad981681799c8120d2b2f84c1aabfa7b0b520bd8

SHA512
a8d964c0643b6606b7867144bac71e3f2f8dae7bb98eafda81f5bc35d19c80b2b53606fa4c01a0294f14b5b1075e89d64a5354e645914a90bee38837b5a1559f

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.vng.snkallstarTH.cfg

Filesize
13KB

MD5
098616c87ae5ea3e240d7a4cfda1f99e

SHA1
eca8515180917c65906b7c8b3c4915b9cb0fd60f

SHA256
b0f2f07a118d3602bdb91fa5df065afd850429e6b2c4e5443da71d61544dd2ad

SHA512
a5bb13c9ba510f29115d7e9a0fc4f77fd4599fd257b6120ac9785afd896933dc48ac9399a5a1c8f664db24d664dc28c43831832a9dce8b3125a3010b5496bc3f

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\com.xlegend.aurakingdom2.jp.cfg

Filesize
10KB

MD5
8bc4f726298c29f4486ea829f5360bd9

SHA1
829ed57dac229c64287a42fc9720ebccb76a8672

SHA256
90600a509b9e128784a35b20f2fec1e40b934e849e8798a4ec528b89016eb6df

SHA512
be471dc31916d1842acdedbc47689786d3e4ea85ce50d3588b22563bb415468bb58d0f6dd2d5c56f5e1d6a5efcaa3f9afacfe496fc76e704a6099292b3054921

Download Submit
C:\ProgramData\BlueStacks\Engine\UserData\InputMapper\jp.gree.onepunch.g.cfg

Filesize
7KB

MD5
3d1d171c680fea93faaf8ef980da7732

SHA1
519b3d8f703da1de57638b843ec4c356bb2ec975

SHA256
5ca0d49ec73cfe928291092c3f0b21174e0ec7bfc66ceead945c6580a8d6ef90

SHA512
a681bcaef934cce9b0b3f7d72aa2ee7a040b431c95fab72363a55dd1becabe77f37bf655ca1ae26c0df65cb96600b9fc436d45560542aa7ed1ef2f0c03f3286f

Download Submit
C:\ProgramData\BlueStacks\Locales\ProblemCategories\ReportProblemCategories.Json

Filesize
4KB

MD5
9e1141a44519e9359739464310857bf8

SHA1
abb797ee7b512c77741978330292287d9c0d92e4

SHA256
42d8b6964164aa0e53cd0d5b7c59541bfca32b04f54b3a3cb07d9080eb60bf0f

SHA512
caced755aee6096103a067648ab069d517769bf4e89634cb0c96f00d264af786dc1e236f09652cb161c62c48df5fc30504025d0dddde709a05c87497dbc0daa2

Download Submit
C:\ProgramData\BlueStacks\Logs\Installer_4.240.30.1002.log

Filesize
116KB

MD5
88a70ad3aabfd8ea3d4f61b2c1b7843c

SHA1
ee0326b3811525771cb211dfdd5805c51834cb40

SHA256
017b0ae9874e107a48c38058e0a311859e07eb4ef7c52efa202e359b67e03389

SHA512
c3d18c035ea6fced8a9dc899a148463bec47c27b15680a96d3cb0f289898c9a0ec70d8b2aabc6a78b459f5107a5e5d66ff39ee3b87dfbfbe10c278dc807c47ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f30dcc82719965ffef05b7d80bce5dca

SHA1
99232c650c8242fc1320eb1f1e3524fce21be54c

SHA256
d2d5a783a42c41f9e2b70694ddcec855258affd573f1560ea9ddc384678a5353

SHA512
f1b0085b722f0f57a91326dd2da4a95e5f213e9439a4905fa078b42b622d1ddc39502020b8cf09ebd05e89f4621280888a3c311f76c5e062cac8a5dd294762eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
76314b900ce1bf951e86e3137697f6c2

SHA1
ee43d843425f4e6246ad557843169c4a174f9411

SHA256
af3fb5298f9f14ad9aa7358ad002e1521ba2ace6892303338a3faf0dc85231b9

SHA512
f0c61b400e1f18663818ec2172f1432f6708354e3598290943741ead09719679f7fc40f67299b507eb31d110c9acf0941bc6ad1df3041f0f8ccf7a1a15a9a6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bdb7c9e0beec496765325cd14a8a4e0f

SHA1
a6c3302249279a900b7309c123962d05d0ae73be

SHA256
ab90589a2780ea14f3f2c2e933262b1561d0939214985338240561347dec3b4c

SHA512
dd4a6edb50e69cc970979e97ca04e498fa82a8fbbd549a6824e1ce6821a0695fc5e4606a54ab3ddb2c1312c675ee7a700bfaf575b8c19500a54a58e2aa5a9d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
712bf6a909aa7bffe657bfecc8e36c2b

SHA1
ca3f86df6aa712b106daf3f123d08d36a15f2861

SHA256
acca8121c095a1bf61fc488f8f50be8a358e140f2c20a0898fc7efa6a61895e4

SHA512
5a566e21a7346730f2e016711c387b6670accb14ac79e49d72302f308e2831397288b4692759b4dd7fba66c7e82b9ae5b80f7bcfb0af0603195c2ac27fee6723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5c23b5fe55722634a09129db7822da5a

SHA1
afe907320092479eaec2ff0e3bb1f0d4ce379193

SHA256
61bbecbd324446df12ca577ff5f32ca76a0f7c4cd9135fb62221798983cb6ba7

SHA512
3ce709162849b5167cb0c0b3a7f4a27e990ea23eee0884e924ef721394d40433fcb7652e106d9ef0e9063859eed52589dd101ed178e9ff6a7e9871b1344aad3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
467a5b3c1ae00d1fc50a99252ab5ebf8

SHA1
e733d02dd87a1bbe57442927eddd41fce8509039

SHA256
e1ecb645af346723c00547d5b4030b038f28da8e14c24d4583e19b6c7bb5af98

SHA512
f15b341388e99f977aab51a267e29568ba981ed99614d45bbc07b2b554efab6a72f5d51be5acfcb91a4242dacaf2b6c5d6622d5e5276e58ffc57d44419cdd4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
27d138434dbebc9dbcb36fc1ffbbff96

SHA1
101b417bd541ef94d8a5bcfa837ff683abc6c36c

SHA256
5d007b7787be9003700f55394d628fc584bcede5588ac87ca1dcb7a8b2cc6510

SHA512
92547e2df1d1c5a23a9917ab0b5b52f9a89c63afb148adeea6ee47ae196ac87d45bce7391c7eb9e67aeb504f0d952746b203aec8fc7513dacf605896c1d1eac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f97bfd9948b73444903b1b2414ca9c89

SHA1
5c5be6daa596c26c7b7528935b66a044a1a7c9a1

SHA256
32b96b7223070e9eadb63a5c67d871c4e9322fd6bf346385ecf6b06c3daf2a32

SHA512
018e1c6fc3e94396c5aa953c4fdecb325ebca42c129676152c57580ea4058a86ea29b2d10cd40919ece76053a2aa58974a0ea14a9ece63f5f2027963d9c2c590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
53c9e6f143b00e0e0a2c557df1401c0d

SHA1
f6b6bc9c2861561f0bc2eba6f656dd17d870edb2

SHA256
398b33709edd88cb2164b21957a3d43672d61a8e1c2bd8eb3f8e28fa7ef6d579

SHA512
1b6be21ca013ac8e4e25832cf52fba9d58382b88d582c7ac5c60c1b42c63d445a4c930bebc850c9cef2797801c465f67acff4d6164ce213424661604b7b21384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
df2caa35c981ffce3af9715186db08c4

SHA1
346c122607dfa3871b2b6c53edd36172a8fe393f

SHA256
dde01516e16618906c5c64c529ae190a3aa884ad7e36d7fdc567841349604c07

SHA512
4a15dfa499fad0f1a63b9115ead60b59449d95d8d89f7f59147501018d76f73ce9cd8d170e705b5ffca1483f259f19013791c244bd83af7360b79cd5fb187353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
8ca672142d307d686d198969eaf376d1

SHA1
da46ed4a61320c80700b046f67281593ce628b17

SHA256
b987708f2290b6ebbb82af955d1f3d0c903169e3e9c845d84c0e68d316b9d0d2

SHA512
53f0c2ba6c60115a01bf29a6ce2400318b599bf1409f6af8e464def50a7302519c23d0e001ccafbd4c410065e57560c994ca2de9ba4e5b2237d998e1f021a7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
a0e64e0fd234d7e4f27bcb99181cfc2f

SHA1
519050bbcbc8457b7be33e73980570fe2efe421d

SHA256
bdaac3ab205ed677f202b8e681b45d190562532faf68d2a707d6c9f9976c6816

SHA512
09e9b2811ef10fb3833bd395b14fdee22ff4804e329fd712b74725edca552651b0f15883e860df5fa70fc08277f10b6c7c91382b3470ea90284b34afe813acf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
ffa9fd3a29c56260bf0d161885b49270

SHA1
40bbad471647b0c4896eeab6f20873277453e4e8

SHA256
852b1582bca1457df6f7a3f0f0bf77ccaff9dee7d4d9631b0b958acd642b4b23

SHA512
1ed78a171f77ff61ca79b4398e3130e1545958061ffe1bd693438d8fa4f4363093aaf43e6bb5ed07548740d9a9d6e41aead9e5aa9d5820e57e691835407bc2e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
a1b6f90053aff82a6750b0197c25c75b

SHA1
f83ec3392620fc6165ea357e6879331bb75f6fb1

SHA256
d3b9b82bbe7a9eb07a5d4169e3a6f583502eac801b50507ef27a339b23ff5476

SHA512
237bf03700cf64d9db7d765839371652e540a48888324c429c59b675f095ea1d0514b3dc73f7c26a6a5c95228269fa59960449992e846b89b8f283a516239b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
b711861e637320a684a0766e996112bc

SHA1
55badeab4f5239892574961e629fe61a0b529f1f

SHA256
78cea8870434eb014b4a6cd6e32cdfdc9dfb0fe2b1783263b58adba6e9e0b02c

SHA512
8c50f9f23daee7a93af29a07d0a79341c27fbcd68fce7545b34a4b422760daa1acd70bee5c0dbff286a11dbe419d40c6485f56640156c62792f8d18a62be2dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59aa11.TMP

Filesize
100KB

MD5
54858ca7157a4aa5b39e0e94f37db32b

SHA1
9196338d84dddf66d00ad52925a9ab9bb39c71f9

SHA256
7309e87fa89390fa608a8e17a5155e730aa2d91b35894ecde3ee85f511fb3176

SHA512
436e94631b193875cf4916ffab108460f9ae8c43815abc7c2af48d5592a888dec1eec178b644c406ba485e2be6e1ed247ed272cef0c2fed7c05778b7599537a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
af11be377c286662de358b23aa5a1136

SHA1
22997825d84dd8a99e4c7f879914dd08fed2e317

SHA256
442143a63e8f3dc4b46f7d1381af838ad501690c93ba0d1056c3ccdbc820b843

SHA512
ec0ae32a178b52971940c5cd2482c4629f1e75160cffa87cf79cf6cf2cec6afd1492f186149f1d068a0c115e879ccd6e1ce532634455eb693f4043bf4612274f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d501a237-78a7-459f-b5f6-018e87d62f07.tmp

Filesize
138KB

MD5
b4a95a0a46c55984207606a51a0663d7

SHA1
5d5d3f752a100133a988f7cd9633a152dbaca428

SHA256
05b3414b8f0c0b29b875591b93eefe79abe229d57c2ed57c4d5066fae54d4706

SHA512
46e7dce46e03e72259c3124faf800134197f6c52c9e51651f3e1d99583e2aff3379c7bfc0f346ba6889422ad7841850a4865a13a99fee64de468527de1504499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BlueStacksInstaller.exe.log

Filesize
3KB

MD5
f322a65109cb5fbc99b4774a65f496af

SHA1
016fefd7d025bc6d7fe05358f28759a29c5e9aaf

SHA256
9f99cee5ab4fab62aa69da2c96f4517546bdae649e2016232ba2e2513fe4e17a

SHA512
dc20f37df9b19b74b91aef0b0d7a2efab5ee108f61c2c102f630b111865276609f2c6dace1bdf76a4d4f8ebd3844cee555bb1e13bbb868ec4c5b37a2cf338f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlueStacks-Installer_2024-8-12_15-6-15.log_bst

Filesize
38KB

MD5
df2647a335b6c095df6ae844a1395306

SHA1
e2780812bb3ecf91051543ae4b9f778bf002af16

SHA256
f6241e4d1f0b0f2785b93f779e9dfe1f8ee3e7f47405b6b073fb40d12373ef8a

SHA512
5dff5554db98805fafa4ea451594223088ac7b6eeb87617d1d443d58264e6dee5d2230b90f96fab1e46bd41e5d3fd238c73e983fb120eced6d8ad7d7f7123c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bst_Guid_Backup

Filesize
36B

MD5
1d7bb6065a9d64b34158ef9e7dec63c7

SHA1
98e6bef652b31e637c445ed0f3d569f8ac1e8b70

SHA256
cfb06f4b3afa3a14e09e5f448dc025fa84dcbcfc6bfe9e6902453a580817e155

SHA512
4fa918d9ed0e289404729cacad43b1bff1ec01564d0160cf588a4573433dd7dae6bb735525d2342ad10390d9d7ff0f2f34ecd6e11fd8c346aecea39c1eea5430

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG2D24.tmp

Filesize
31KB

MD5
1a813dc7bd930fe4725cfbb6ba4a3cc4

SHA1
93b719a7f2b838e5a38feb72f8d7f2981fcc38b5

SHA256
581c85817fab20a2be776149c0d8ad557c88950450f05296c65f33f5aaba530c

SHA512
252dd4bac7b188b52dad3556ca598e6b5d6ed38ccf6dce156711aabf2dcd070492298d17eba626d2a2233e3da4391bf0c3d930dca71fceec2bd671f11288b3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\REGF115.tmp

Filesize
2KB

MD5
c82c8e2e7edc2c2559c4b4947d6b2958

SHA1
c6babc0306ac15f5662839d9977235deee10be78

SHA256
1968c31518807c8077114cdcd9ca440a7b51984fb9d1381dbd602daa31f4f917

SHA512
6f5eeedcffcb259113f455078bdfa2353203efa681cef2d8d37f2eaf1c1fb46ea66085f7d5eba4839c66bc10cae56cd95228ebe9e54bfbd9aa0b38554577941a

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\7zr.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\checked_gray.png

Filesize
2KB

MD5
9f074b5eed5e579cd2f8da23ce1a0390

SHA1
10a15003a85ea94e729c58b7d17a230daf069344

SHA256
098c6fc2f5fae6098299215e33f86654a211ccdd89bc697ff989691b84c7bb91

SHA512
a963d08104d981136d2c3ca11ee8f4343d4b26decd58a5f25d4da19d4690b283783ed63e2a409ed3d57d78383016b59a6785a34c5a789ba5db05a4b6697700e4

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\error_icon.png

Filesize
1KB

MD5
dab2c4538a83422b5deae0e0de9b7a30

SHA1
78c2ab2271aa4020df1e0289bc3c1ba9a43fd424

SHA256
666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89

SHA512
24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\exit_close_hover.png

Filesize
575B

MD5
92c2bf222d6ab81fe7a0c072bf31c107

SHA1
8853eb08a2aa3e99fae6dabb9cff6461704f2a2e

SHA256
bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709

SHA512
6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\installer_bg.png

Filesize
1007KB

MD5
064a1abdbf6c2aa9352620bc16cf2bc9

SHA1
338cbc0c011b0d3cc53745cb7d6da7cf209ce3a7

SHA256
cba3403a2c24529d2da717d0b3f31f5bfa5932f2c81e58377239dcfc326023ec

SHA512
6d8da564e0bb574b1ede3d937bcc1305e7eb9cb7a3fa25ee4a6c257bf72b8ff1ca1d77d1a304bf234ee4da5539b03c101706a57f8192efab8dcccefcc780ade7

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\installer_logo.png

Filesize
5KB

MD5
da9d74ff48f1af973fc5ab46fca8a7c9

SHA1
6a5caa94a8f4876896b8426c2a6456fea148c930

SHA256
9f46c6598f0d72b22cbc3ea16d9157113af3ec66feef8fe32a700e129622556e

SHA512
15f153d6b55eb6941605812c053c7d886a15257281250fb9fddab1ec8fe932fc9325e6e651f2ea01602ecfd901dfa91516d9f05056bbf399e7c0fd408b4e7a39

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Assets\unchecked_gray.png

Filesize
1KB

MD5
05817ab545de25e5afb10585e42342f5

SHA1
f852d8b3076942c41d0596f009babc7c9ebd1369

SHA256
26e0c21c7c26254e989e34af8a3e773ffa746a01142fadda6a5f634afea8dc23

SHA512
de1bc2a60840aca502b9d741cc7f382b283f40d65dadb375522200d4e6b6aceebd807d336f544a2385aac99de715ae239aa623ddf60e8fb43514ec7d65cc6bdf

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\BlueStacksInstaller.exe

Filesize
526KB

MD5
58acf7c11ecf7d7420a5ff05284264c0

SHA1
4c84b14c4d7601c5a9bd3f167b24f7c48ad2c4ba

SHA256
46da07ef0521a9acb196fb42121f85d122c3d0922217583b04de5d53ac2c1b82

SHA512
77d0c0f6dc988e9938268d7cf38a6b600b8a3204305c82f48a254eaa380bc350ff354bd8acb6a1d3f082b5bd8ef921dceabdbba444ef925143ce907ebd728447

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\BlueStacksInstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\CommonInstallUtils.zip

Filesize
6.3MB

MD5
800e684fc615d0545dfd4823f700a395

SHA1
3d4601e4a226fa4b0fe094f78283b6265037044e

SHA256
67d74c1707a3f7086b84d38b375b2754c0245bcca6d3d11f23223dbee3c440e0

SHA512
0e0837f92331e1b1b99059d808380b477f5437d075127ec21361d151a46e4a483e8419ab9c0fd1ce821046e120844550b51c124b71ab243a64b04f52decc1d4d

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\HD-CheckCpu.exe

Filesize
133KB

MD5
fe2bd5b8dacbb0e6509ab71640979a12

SHA1
1ca2c7713c0dc75e0fb071d068e7f898a5c90085

SHA256
746aef1025c7cdf9eae0d9e55362d0230a8e877f0d6749ae39c53d730287eb36

SHA512
0cd4300a71af6489fa85ee4701d583cb73f1ffc41a850b4245b0c73a892000a754548c91e84c2cde01808c1913f4bfa0e7b2263da7af297163d11e7409d2a832

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\HD-Common.dll

Filesize
2.1MB

MD5
ae1f5dd09bc06ff9c7e8b77c429b8e46

SHA1
a1223eb49aa8066869ca48af9f867d996404d0ef

SHA256
620f27d877ac1b4f88589a0203d43e31a9a3c4c0fdb2fcf66f2f2bf6645c5d74

SHA512
1b790439b045f1c0145aa10eaa553a753c92178eeacff48d935c5ea3302d9350f92513a417e590ab5a8d976b54566bc783b1e0fc8bb28b15bcb13c7e1aa1e3ce

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\HD-ForceGPU.exe

Filesize
152KB

MD5
9adcad57be2aaf64ec94b836a80ee655

SHA1
056c0206cef3fc209d5431bb5a7e8adfaa4b49da

SHA256
4f163c738aedf878804c04fce6b52d7881453a6519486eb6d97f4c2c89e815b7

SHA512
d8515e7b17a80f2c1e22835c06ca7d73b371faa2b9c222a66ef7c3b705a755ff425e6b4e39d563d129acb1694990231d7c9ff9fde2b0d65823dcfba22c54abd3

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\HD-GLCheck.exe

Filesize
562KB

MD5
2f50e414e6b4920dfaf2bc79b6c022a3

SHA1
8151ab0457ef03bb82c295241e135469f950da3c

SHA256
55f31228dc2b20529f58851a02d2f24702bac5a0a952c3767a9fad5b7f223206

SHA512
ca8d745c167edf2155e87ff127d7e3d35467227e4cb86c4b3ba255c4c4bb22cb30c1a0936d5a8f162e2af239393de3e6323b668c3b6de94fffaf82a44f3314b9

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\HD-Handle.exe

Filesize
407KB

MD5
b2347b57ae73d52ee509d2037bf10f83

SHA1
7d3d45d2995e1520d7c93ebf5aef7c799e2800ca

SHA256
5d9c352b0544df6502da7d24d704765e63251adc9c19c0d293edd4450d5f6204

SHA512
adda7b69ba17bf85f06fb1cc665f2bb4aea0b6144875a505f07304d99f8cfd88549c152b60d8f81cf5e418651f1e8fb28af5638a4316da110fc6c6037d5cf53e

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\HD-Opengl-Native.dll

Filesize
2.3MB

MD5
bce7442eff13df9f89a5d4c2dff714a6

SHA1
812732dc6472c6c580b22525712fbd1de20cfecb

SHA256
a73492d008d444c1ae2a081b7e57361ba9ba878d5e19243fbdc66dde914fed8e

SHA512
4f193ca502c14124a039a83a213611cb48669412f92134b30817220f0796aa95c68e2b1f751a5497c03f26b8979d38726cc1dd72c8f662e11ff63f60f341b92b

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Locales\i18n.en-US.txt

Filesize
114KB

MD5
5d54c2b742889fe07b2c511a5d4a7693

SHA1
9ae30e2b057d4c9edbd26688cf9fccf194de1afa

SHA256
f96ca4b320975c5f4b2c935f891cdce12c8b9411614f3db902023be0428f549c

SHA512
a14fb6a0f3f3a14198312ea2480b2ce5817161d1afa58a1386bf0cc97e6a5395b3731f0bf6c66ac2dbb844c97b7a364b339a06b08ad9d0385d9ce9f9d9bdc38a

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Newtonsoft.Json.dll

Filesize
493KB

MD5
45d275e9dcde8cc471ea2e436d7a1b82

SHA1
289227b8642fc9b7cabc9b816b68dd9d687543d7

SHA256
e28a6d54805012e4af32816e3032a716c152da486917fb8d483b7c554df04919

SHA512
91d6e65a1b432df9dd4425f203d660e62ecd8668a152f411f4ae57bf935a86ce13d563647c3b7ce1b8991dd802ec358a351ace87535310ad6aa0e887ec1547c9

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\Oem.cfg

Filesize
816B

MD5
e28c53401ec95bc9b75f43ae0dcddf96

SHA1
cf11b03a25c5ce082f24f8832beca3994a501720

SHA256
8d5d794dcc24bf8535fded17a82b8dad7396c327fae176387b5f43a4db1d5988

SHA512
cd314ab721e57411ffcfdf0bf3678818a8590694a1be55e6dd7d0b5f6ec19908c7a034dc82f9a802d3e44a12af34ef8f8cbae68cc8b293d95a588bb92be7df31

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\ThemeFile

Filesize
82KB

MD5
9f02f36f10385fa28bdd5c4ffd533037

SHA1
be95879342af41dfa9f448ee8de561faaa613904

SHA256
2850e552e68c8288e5485aa5316f99535c61b4b94f40cac22d7a2e068502a25e

SHA512
94f9143268050664573d968fceba911ca48e255b25245f99cc6cab911b5a67084de275a6965b4e82153d419757bdc68158bb8603a4b437ebec85f15dada412c2

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\libEGL.dll

Filesize
402KB

MD5
948eb249b23a9487d15fab236e4a2805

SHA1
ab7db3e961f007b5b242ce01f8183e197c78a571

SHA256
78dbd96e1b2b105030fb50457c1d720d1373558428c980960b4e3b88105ed2af

SHA512
1510001a8c4e3875dff0b16a77028b35d9c3491c7b52046c0094253165266246d7531c538023a99d57999b41f228175423220acaed9fab1c1857b067c1577782

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\libEGL_translator.dll

Filesize
2.4MB

MD5
c3289d6f0016138e58e982989dd6d60f

SHA1
de0c8354237e6d128bbdf8e7b0b84418473a3e8e

SHA256
11d14abbd689119c80032c22fe153f034a35cc67873e48a5aebcd87b9594601b

SHA512
776e6e7260224823e4b39fb159ebfe58f556cf86d087a0b2cb126612723a01500a7645bb5ea025bbd453d2721e7b6d624b3001292fd0ee91dff96447393af3ba

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\libGLES_CM_translator.dll

Filesize
2.4MB

MD5
9f61abde3851625460f192c715ca9362

SHA1
1fd718ec23f071c2ce1d59e5469c93bb2e91e4a8

SHA256
9ec43fc1c4a7823fffc08d41526693f0bd1f50d8e3fa10786bdd78f1bca59e42

SHA512
f03322c34bfe81a84e6b3de8631ad0d1abee166fe7b05f9acb177cc9b2ed870d86f1d239915b9910d0366d17f42910886711920586c863fed4b2b5e8b119a54d

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\libGLES_V2_translator.dll

Filesize
4.0MB

MD5
1c57ee948fbea9677206ff10f801856b

SHA1
a9f4be5b764e0f65a527463ee6de7bad04c56946

SHA256
2e8365ee71934f471ee962c5c7c5d712025ef18fa42e1badb1f98acbc84b8197

SHA512
6511d3f2fb90d78357b8b6eeaa77b4effc4a81cb0e5edcd2de7f3aac3c82eb131357ff7db2b78a70690fe41f783b78545ff82ef4746a59ad215197dc9efcac70

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\libGLESv2.dll

Filesize
4.0MB

MD5
c9c69793844aeb22784321c3458b33dd

SHA1
8d900d6238c61b129db9288a71464c54295bff77

SHA256
7fe01a2b5c197c4604f37dcaef9cb5136b3a2e05cdec60ba06e3d664c58bf1c8

SHA512
35a3cf14c7c4942073b12e903709410fbb12cb65a160dabd1a14e1641b78c3ed144e5b2d159e2f73a9ef6820f16ba476540bc6689d16cd381f4c0b665d2c5e92

Download Submit
C:\Users\Admin\Music\4.240.30.1002_e4v\libOpenglRender.dll

Filesize
2.7MB

MD5
5c80d531721437cd4c5add3323e777cb

SHA1
3b0f7411424c98398b97cd228c1c772bbd9b69c3

SHA256
60feb5c3569b0b828240456bc2f730e5965c6e6d30c46d821598c06eae34c842

SHA512
c2732c20fc23f26044b64c569d9d4656b9252d1c50ebec806ed057a9dc386c4529a22e4aff38664f42e938295b7de796f8e27b4e3e494b8bffc422f8cfc6ca7a

Download Submit
\Users\Admin\Music\4.240.30.1002_e4v\d3dcompiler_47.dll

Filesize
4.0MB

MD5
898b3b792574a266c0f60a87244deac5

SHA1
af5f4d815d21f2272ce64a7b414086a6e7eb599a

SHA256
6bf1b5cd6cf5316493a2419ea7ecff44de39c71f226cb1b0dbe18e940f3bc988

SHA512
e1ae86e56a1e6f7d0b00d33667e01afea6b1a65013f9247a2a48ed118a31ed01ab1c51881c246378bcd58e6584143d7b81806783cef96c6251a23ca4049cecfb

Download Submit
memory/368-7139-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/780-7145-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1112-7142-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1164-7170-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1304-406-0x0000000020600000-0x0000000020622000-memory.dmp

Filesize
136KB

Download
memory/1304-405-0x000000001F0D0000-0x000000001F0D8000-memory.dmp

Filesize
32KB

Download
memory/1304-404-0x0000000021450000-0x0000000021976000-memory.dmp

Filesize
5.1MB

Download
memory/1304-396-0x00000000200A0000-0x0000000020120000-memory.dmp

Filesize
512KB

Download
memory/1304-394-0x000000001F090000-0x000000001F0C8000-memory.dmp

Filesize
224KB

Download
memory/1304-393-0x000000001EBE0000-0x000000001EBE8000-memory.dmp

Filesize
32KB

Download
memory/1304-377-0x0000000000B20000-0x0000000000BA8000-memory.dmp

Filesize
544KB

Download
memory/1304-379-0x000000001BAD0000-0x000000001BCE2000-memory.dmp

Filesize
2.1MB

Download
memory/1920-7121-0x0000000067D80000-0x0000000067E8A000-memory.dmp

Filesize
1.0MB

Download
memory/1964-6841-0x0000000067D80000-0x0000000067E8A000-memory.dmp

Filesize
1.0MB

Download
memory/1964-7144-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/2284-6813-0x0000000000850000-0x00000000008AE000-memory.dmp

Filesize
376KB

Download
memory/2952-7136-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3300-6786-0x000000001B750000-0x000000001B79C000-memory.dmp

Filesize
304KB

Download
memory/3300-6784-0x0000000000210000-0x00000000002B6000-memory.dmp

Filesize
664KB

Download
memory/3300-6788-0x00000000211F0000-0x0000000021270000-memory.dmp

Filesize
512KB

Download
memory/3300-6785-0x000000001B280000-0x000000001B29C000-memory.dmp

Filesize
112KB

Download
memory/3356-7138-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3376-7125-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3800-6791-0x00000000008F0000-0x0000000000966000-memory.dmp

Filesize
472KB

Download
memory/4072-7140-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4304-6774-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/4672-6826-0x0000000021300000-0x0000000021312000-memory.dmp

Filesize
72KB

Download
memory/4672-6821-0x000000001C130000-0x000000001C1E6000-memory.dmp

Filesize
728KB

Download
memory/4672-6823-0x00000000203C0000-0x00000000203D6000-memory.dmp

Filesize
88KB

Download
memory/4672-6820-0x0000000000C00000-0x0000000000F7A000-memory.dmp

Filesize
3.5MB

Download
memory/4896-7146-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4972-6787-0x0000000000320000-0x00000000003A2000-memory.dmp

Filesize
520KB

Download
memory/4996-7141-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download